summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--po/as.po316
-rw-r--r--po/bn.po316
-rw-r--r--po/ca.po316
-rw-r--r--po/cs.po316
-rw-r--r--po/de.po316
-rw-r--r--po/el.po316
-rw-r--r--po/es.po317
-rw-r--r--po/et.po316
-rw-r--r--po/fa.po316
-rw-r--r--po/fi.po316
-rw-r--r--po/fr.po316
-rw-r--r--po/hu.po316
-rw-r--r--po/id.po317
-rw-r--r--po/it.po317
-rw-r--r--po/ja.po316
-rw-r--r--po/ja_JP.po316
-rw-r--r--po/ko.po316
-rw-r--r--po/lt.po316
-rw-r--r--po/nb.po316
-rw-r--r--po/nl.po316
-rw-r--r--po/nn.po316
-rw-r--r--po/pl.po317
-rw-r--r--po/pt.po317
-rw-r--r--po/pt_BR.po316
-rw-r--r--po/ru.po317
-rw-r--r--po/sk.po316
-rw-r--r--po/sq.po316
-rw-r--r--po/sr.po316
-rw-r--r--po/sssd.pot316
-rw-r--r--po/sv.po317
-rw-r--r--po/ta.po316
-rw-r--r--po/tr.po316
-rw-r--r--po/uk.po317
-rw-r--r--po/vi.po316
-rw-r--r--po/zh_CN.po316
-rw-r--r--po/zh_TW.po317
-rw-r--r--src/man/po/as.po705
-rw-r--r--src/man/po/bn.po705
-rw-r--r--src/man/po/bs.po705
-rw-r--r--src/man/po/ca.po705
-rw-r--r--src/man/po/cs.po712
-rw-r--r--src/man/po/de.po705
-rw-r--r--src/man/po/el.po705
-rw-r--r--src/man/po/es.po727
-rw-r--r--src/man/po/et.po705
-rw-r--r--src/man/po/fa.po705
-rw-r--r--src/man/po/fi.po705
-rw-r--r--src/man/po/fr.po767
-rw-r--r--src/man/po/hu.po705
-rw-r--r--src/man/po/id.po705
-rw-r--r--src/man/po/it.po705
-rw-r--r--src/man/po/ja.po705
-rw-r--r--src/man/po/ja_JP.po705
-rw-r--r--src/man/po/ko.po705
-rw-r--r--src/man/po/lt.po705
-rw-r--r--src/man/po/nb.po705
-rw-r--r--src/man/po/nl.po727
-rw-r--r--src/man/po/nn.po705
-rw-r--r--src/man/po/pl.po705
-rw-r--r--src/man/po/pt.po705
-rw-r--r--src/man/po/pt_BR.po705
-rw-r--r--src/man/po/ru.po705
-rw-r--r--src/man/po/sk.po705
-rw-r--r--src/man/po/sq.po705
-rw-r--r--src/man/po/sr.po705
-rw-r--r--src/man/po/sssd-docs.pot695
-rw-r--r--src/man/po/ta.po705
-rw-r--r--src/man/po/tr.po705
-rw-r--r--src/man/po/uk.po788
-rw-r--r--src/man/po/ur.po705
-rw-r--r--src/man/po/vi.po705
-rw-r--r--src/man/po/zh_CN.po705
-rw-r--r--src/man/po/zh_TW.po705
73 files changed, 23041 insertions, 14615 deletions
diff --git a/po/as.po b/po/as.po
index fcdb4ccc..6ba278c5 100644
--- a/po/as.po
+++ b/po/as.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-11-30 04:10+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Assamese (http://www.transifex.net/projects/p/fedora/team/"
@@ -210,541 +210,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -778,35 +798,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -922,29 +942,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/bn.po b/po/bn.po
index 80e4775f..d74eea4b 100644
--- a/po/bn.po
+++ b/po/bn.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-11-30 04:10+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Bengali <info@ankur.org.bd>\n"
@@ -209,541 +209,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -777,35 +797,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -921,29 +941,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/ca.po b/po/ca.po
index e646e7d4..41fa9c0c 100644
--- a/po/ca.po
+++ b/po/ca.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-11-30 04:10+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Catalan <fedora@llistes.softcatala.org>\n"
@@ -209,541 +209,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -777,35 +797,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -921,29 +941,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/cs.po b/po/cs.po
index 74052444..7d1d2c99 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-11-30 04:10+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Czech (http://www.transifex.net/projects/p/fedora/team/cs/)\n"
@@ -209,541 +209,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -777,35 +797,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -921,29 +941,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/de.po b/po/de.po
index eedd7813..630c02b7 100644
--- a/po/de.po
+++ b/po/de.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSS\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2009-12-09 11:13+0100\n"
"Last-Translator: Fabian Affolter <fab@fedoraproject.org>\n"
"Language-Team: German <fedora-trans-de@redhat.com>\n"
@@ -210,561 +210,581 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
+msgstr ""
+
+#: src/config/SSSDConfig.py:98
msgid "IPA domain"
msgstr "IPA-Domain"
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:99
msgid "IPA server address"
msgstr "IPA-Serveradresse"
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:100
msgid "IPA client hostname"
msgstr "IPA-Client-Rechnername"
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:101
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig.py:101
+#: src/config/SSSDConfig.py:102
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:103
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr "Kerberos-Serveradresse"
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr "Kerberos Realm"
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
#, fuzzy
msgid "entryUSN attribute"
msgstr "UID-Attribut"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
#, fuzzy
msgid "lastUSN attribute"
msgstr "UID-Attribut"
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr "UID-Attribut"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr "GECOS-Attribut"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr "Shell-Attribut"
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr "UUID-Attribut"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr "Vollständiger Name"
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
#, fuzzy
msgid "shadowMin attribute"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
#, fuzzy
msgid "shadowMax attribute"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
#, fuzzy
msgid "shadowWarning attribute"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
#, fuzzy
msgid "shadowInactive attribute"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
#, fuzzy
msgid "shadowExpire attribute"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
#, fuzzy
msgid "shadowFlag attribute"
msgstr "Shell-Attribut"
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
#, fuzzy
msgid "accountExpires attribute of AD"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
#, fuzzy
msgid "nsAccountLock attribute"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
#, fuzzy
msgid "loginDisabled attribute of NDS"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
#, fuzzy
msgid "loginExpirationTime attribute of NDS"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
#, fuzzy
msgid "Group name"
msgstr "Gruppen"
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
#, fuzzy
msgid "Group password"
msgstr "Gruppen"
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
#, fuzzy
msgid "GID attribute"
msgstr "UID-Attribut"
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
#, fuzzy
msgid "Group member attribute"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
#, fuzzy
msgid "Group UUID attribute"
msgstr "UUID-Attribut"
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
#, fuzzy
msgid "Netgroups members attribute"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
#, fuzzy
msgid "Netgroup triple attribute"
msgstr "Benutzername-Attribut"
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
#, fuzzy
msgid "Netgroup UUID attribute"
msgstr "UUID-Attribut"
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -798,35 +818,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -942,29 +962,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/el.po b/po/el.po
index f668e91e..2484dca3 100644
--- a/po/el.po
+++ b/po/el.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-11-30 04:10+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Greek <trans-el@lists.fedoraproject.org>\n"
@@ -209,541 +209,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -777,35 +797,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -921,29 +941,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/es.po b/po/es.po
index 251f7f6c..9b474601 100644
--- a/po/es.po
+++ b/po/es.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sss_daemon 0.4.0\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-07-20 09:18-0300\n"
"Last-Translator: Héctor Daniel Cabrera <logan@fedoraproject.org>\n"
"Language-Team: Fedora Spanish <trans-es@lists.fedoraproject.org>\n"
@@ -226,582 +226,603 @@ msgstr "La sección del dominio de la consulta para descubrir servicios DNS"
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
+msgstr ""
+
+#: src/config/SSSDConfig.py:98
msgid "IPA domain"
msgstr "Dominio IPA"
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:99
msgid "IPA server address"
msgstr "Dirección del servidor IPA"
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:100
msgid "IPA client hostname"
msgstr "Nombre de equipo del cliente IPA"
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:101
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
"Si actualizar o no en forma automática la entrada DNS del cliente en FreeIPA"
-#: src/config/SSSDConfig.py:101
+#: src/config/SSSDConfig.py:102
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
"La interfaz cuya IP debería ser utilizada para actualizaciones DNS "
"automáticas"
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:103
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr "Dirección del servidor Kerberos"
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr "Reinado Kerberos"
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr "Expiración de la autenticación"
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr "Directorio donde almacenar las credenciales cacheadas"
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr "Ubicación del caché de credenciales del usuario"
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr "Ubicación de la tabla de claves para validar las credenciales"
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr "Habilitar la validación de credenciales"
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
"Si se encuentra desconectado, almacena contraseñas para más tarde realizar "
"una autenticación en línea"
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
#, fuzzy
msgid "Enables principal canonicalization"
msgstr "Habilitar la validación de credenciales"
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"El servidor en donde está ejecutándose el servicio de modificación de "
"contraseña, en caso de no ser KDC. "
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, El URI del servidor LDAP"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr "DN base predeterminado"
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "El Tipo de Esquema a usar en el servidor LDAP, rfc2307"
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr "El DN Bind predeterminado"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr "El tipo del token de autenticación del DN bind predeterminado"
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr "El token de autenticación del DN bind predeterminado"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr "Tiempo durante el que se intentará la conexión"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Tiempo durante el que se intentará operaciones LDAP sincrónicas"
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr "Tiempo entre intentos de reconexión cuando esté fuera de línea"
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr "Archivo que contiene los certificados CA"
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr "Ruta hacia un directorio certificado CA"
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
#, fuzzy
msgid "File that contains the client certificate"
msgstr "Archivo que contiene los certificados CA"
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
#, fuzzy
msgid "File that contains the client key"
msgstr "Archivo que contiene los certificados CA"
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr "Requiere la verificación de certificado TLS"
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr "Especificar el mecanismo sasl a usar"
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr "Especifique el id de autorización sasl a usar"
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
#, fuzzy
msgid "Specify the sasl authorization realm to use"
msgstr "Especifique el id de autorización sasl a usar"
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+#, fuzzy
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr "Especifique el id de autorización sasl a usar"
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr "Tabla de clave del servicio Kerberos"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr "Usar auth Kerberos para la conexión LDAP"
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr "Seguir referencias LDAP"
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr "Período de vida del TGT para la conexión LDAP"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
#, fuzzy
msgid "Service name for DNS service lookups"
msgstr "Filtro para las búsquedas del usuario"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
#, fuzzy
msgid "entryUSN attribute"
msgstr "Atributo UID"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
#, fuzzy
msgid "lastUSN attribute"
msgstr "Atributo UID"
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr "Tiempo máximo a esperar un pedido de búsqueda"
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
#, fuzzy
msgid "Length of time to wait for a enumeration request"
msgstr "Tiempo máximo a esperar un pedido de búsqueda"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr "Tiempo en segundos entre las actualizaciones de enumeración"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
#, fuzzy
msgid "Length of time between cache cleanups"
msgstr "Tiempo en segundos entre las actualizaciones de enumeración"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr "Requiere TLS para búsquedas de ID"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr "DN base para búsquedas de usuario"
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr "Ambito de las búsquedas del usuario"
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr "Filtro para las búsquedas del usuario"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr "Objectclass para los usuarios"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr "Atributo Username"
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr "Atributo UID"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr "Atributo GID primario"
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr "Atributo GECOS"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr "Atributo Directorio de inicio"
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr "Atributo shell"
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr "Atributo UUID"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr "Atributo principal del usuario (para Kerberos) "
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr "Nombre completo"
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr "Atributo memberOf"
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr "Atributo hora de modificación"
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
#, fuzzy
msgid "shadowMin attribute"
msgstr "Atributo Username"
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
#, fuzzy
msgid "shadowMax attribute"
msgstr "Atributo Username"
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
#, fuzzy
msgid "shadowWarning attribute"
msgstr "Atributo Username"
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
#, fuzzy
msgid "shadowInactive attribute"
msgstr "Atributo Username"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
#, fuzzy
msgid "shadowExpire attribute"
msgstr "Atributo Username"
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
#, fuzzy
msgid "shadowFlag attribute"
msgstr "Atributo shell"
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
#, fuzzy
msgid "krbPasswordExpiration attribute"
msgstr "Atributo hora de modificación"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
#, fuzzy
msgid "accountExpires attribute of AD"
msgstr "Atributo Username"
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
#, fuzzy
msgid "nsAccountLock attribute"
msgstr "Atributo Username"
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
#, fuzzy
msgid "loginDisabled attribute of NDS"
msgstr "Atributo Username"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
#, fuzzy
msgid "loginExpirationTime attribute of NDS"
msgstr "Atributo Username"
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
#, fuzzy
msgid "Base DN for group lookups"
msgstr "DN base para búsquedas de usuario"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
#, fuzzy
msgid "Objectclass for groups"
msgstr "Objectclass para los usuarios"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
#, fuzzy
msgid "Group name"
msgstr "Grupos"
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
#, fuzzy
msgid "Group password"
msgstr "Grupos"
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
#, fuzzy
msgid "GID attribute"
msgstr "Atributo UID"
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
#, fuzzy
msgid "Group member attribute"
msgstr "Atributo memberOf"
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
#, fuzzy
msgid "Group UUID attribute"
msgstr "Atributo UUID"
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
#, fuzzy
msgid "Modification time attribute for groups"
msgstr "Atributo hora de modificación"
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
#, fuzzy
msgid "Base DN for netgroup lookups"
msgstr "DN base para búsquedas de usuario"
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
#, fuzzy
msgid "Objectclass for netgroups"
msgstr "Objectclass para los usuarios"
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
#, fuzzy
msgid "Netgroups members attribute"
msgstr "Atributo memberOf"
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
#, fuzzy
msgid "Netgroup triple attribute"
msgstr "Atributo hora de modificación"
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
#, fuzzy
msgid "Netgroup UUID attribute"
msgstr "Atributo UUID"
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
#, fuzzy
msgid "Modification time attribute for netgroups"
msgstr "Atributo hora de modificación"
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr "Política para evaluar el vencimiento de la contraseña"
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr "Filtro LDAP para determinar privilegios de acceso"
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr "Lista separada por comas de usuarios autorizados"
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr "Lista separada por comas de usuarios prohibidos"
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr "Shell predeterminado, /bin/bash"
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr "Base de los directorios de inicio"
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr "Nombre de la biblioteca NSS a usar"
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr "Pila PAM a usar"
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr "Convertirse en demonio (predeterminado)"
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr "Ejecutarse en forma interactiva (no un demonio)"
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr "Indicar un archivo de configuración diferente al predeterminado"
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr "Nive de depuración"
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr "Agregar marcas de tiempo de depuración"
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr "Un arhivo abierto de descriptor para los registros de depuración"
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr "Dominio del proveedor de información (obligatorio)"
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr "El zócalo privilegiado posee permisos o pertenencia equivocados."
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr "El zócalo público posee permisos o pertenencia equivocados."
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr "Formato no esperado del mensaje de la credencial del servidor."
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr "SSSD no está siendo ejecutado por el usuario root."
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr "Ha ocurrido un error, pero no se ha podido encontrar una descripción."
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
"Ha ocurrido un error no esperado mientras se buscaba la descripción del error"
@@ -836,35 +857,35 @@ msgstr "Su contraseña expirará en %d %s."
msgid "Authentication is denied until: "
msgstr "La autenticación ha sido denegada hasta:"
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr "El sistema está fuera de línea, no se puede cambiar la contraseña"
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr "Falló el cambio de contraseña."
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr "Mensaje del servidor:"
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr "Nueva contraseña: "
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr "Reingrese la contraseña nueva:"
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr "Contraseña: "
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr "Contraseña actual: "
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr "La contraseña ha expirado. Modifíquela en este preciso momento."
@@ -982,31 +1003,31 @@ msgstr "No es posible definir contexto de registro de SELinux\n"
msgid "Cannot get info about the user\n"
msgstr "No se pudo obtener información del usuario\n"
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
"El directorio de inicio del usuario ya existe, no copiar datos desde el "
"esqueleto\n"
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr "No se pudo crear el directorio personal del usuario: %s\n"
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr "No se pudo crear el receptor de correo del usuario: %s\n"
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr "No se pudo asignar el ID para el usuario - ¿el dominio estará lleno?\n"
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr "Ya existe un usuario o grupo con el mismo nombre o ID\n"
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr "Error en la transacción. No se pudo agregar el usuario.\n"
diff --git a/po/et.po b/po/et.po
index 1af8cdbe..4c4c2223 100644
--- a/po/et.po
+++ b/po/et.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-11-30 04:10+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Estonian (http://www.transifex.net/projects/p/fedora/team/"
@@ -210,541 +210,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -778,35 +798,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -922,29 +942,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/fa.po b/po/fa.po
index ca98afe3..d0619dad 100644
--- a/po/fa.po
+++ b/po/fa.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-11-30 04:10+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Persian (http://www.transifex.net/projects/p/fedora/team/"
@@ -210,541 +210,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -778,35 +798,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -922,29 +942,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/fi.po b/po/fi.po
index 07bc7714..42953327 100644
--- a/po/fi.po
+++ b/po/fi.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-11-30 04:10+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Finnish (http://www.transifex.net/projects/p/fedora/team/"
@@ -210,541 +210,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -778,35 +798,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -922,29 +942,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/fr.po b/po/fr.po
index e1fe567b..14f4520c 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: fr\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2009-11-17 21:05+0100\n"
"Last-Translator: Pablo Martin-Gomez <pablo.martin-gomez@laposte.net>\n"
"Language-Team: Français <fedora-trans-fr@redhat.com>\n"
@@ -209,541 +209,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -777,37 +797,37 @@ msgstr "Le mot de passe a expiré."
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
#, fuzzy
msgid "Password change failed. "
msgstr "Le mot de passe a expiré."
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr "Nouveau mot de passe : "
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr "Retaper le nouveau mot de passe : "
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr "Mot de passe : "
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
#, fuzzy
msgid "Current Password: "
msgstr "Nouveau mot de passe : "
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -923,29 +943,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/hu.po b/po/hu.po
index 9ac4af9b..5bf2d7f2 100644
--- a/po/hu.po
+++ b/po/hu.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-11-30 04:10+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Hungarian <trans-hu@lists.fedoraproject.org>\n"
@@ -209,541 +209,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -777,35 +797,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -921,29 +941,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/id.po b/po/id.po
index 1c4b8a69..3e6d9464 100644
--- a/po/id.po
+++ b/po/id.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-03-09 10:34+0700\n"
"Last-Translator: Teguh DC <dheche@songolimo.net>\n"
"Language-Team: Fedora Indonesia <trans-id@lists.fedoraproject.org>\n"
@@ -210,578 +210,599 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
+msgstr ""
+
+#: src/config/SSSDConfig.py:98
msgid "IPA domain"
msgstr "Domain IPA"
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:99
msgid "IPA server address"
msgstr "Alamat server IPA"
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:100
msgid "IPA client hostname"
msgstr "Nama host klien IPA"
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:101
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig.py:101
+#: src/config/SSSDConfig.py:102
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:103
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr "Alamat server Kerberos"
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr "Realm Kerberos"
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, URI server LDAP"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Jenis Skema yang digunakan pada server LDAP, rfc2307"
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr "Lamanya waktu untuk mencoba koneksi"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Lamanya waktu untuk mencoba operasi LDAP yang sinkron"
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr "Lamanya waktu antara upaya untuk menyambung kembali saat luring"
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
#, fuzzy
msgid "File that contains CA certificates"
msgstr "berkas yang berisi sertifikat CA"
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
#, fuzzy
msgid "File that contains the client certificate"
msgstr "berkas yang berisi sertifikat CA"
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
#, fuzzy
msgid "File that contains the client key"
msgstr "berkas yang berisi sertifikat CA"
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr "Membutuhkan verifikasi sertifikat TLS"
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr "Tentukan mekanisme sasl yang digunakan"
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr "Tentukan id otorisasi sasl yang digunakan"
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
#, fuzzy
msgid "Specify the sasl authorization realm to use"
msgstr "Tentukan id otorisasi sasl yang digunakan"
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+#, fuzzy
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr "Tentukan id otorisasi sasl yang digunakan"
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr "Keytab layanan Kerberos"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr "Gunakan otentikasi Kerberos untuk koneksi LDAP"
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
#, fuzzy
msgid "Lifetime of TGT for LDAP connection"
msgstr "Gunakan otentikasi Kerberos untuk koneksi LDAP"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
#, fuzzy
msgid "Service name for DNS service lookups"
msgstr "Filter pencarian pengguna"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
#, fuzzy
msgid "entryUSN attribute"
msgstr "Atribut UID"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
#, fuzzy
msgid "lastUSN attribute"
msgstr "Atribut UID"
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
#, fuzzy
msgid "Length of time to wait for a enumeration request"
msgstr "Lamanya waktu untuk mencoba koneksi"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
#, fuzzy
msgid "Length of time between cache cleanups"
msgstr "Lamanya waktu antara upaya untuk menyambung kembali saat luring"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
#, fuzzy
msgid "Require TLS for ID lookups"
msgstr "Filter pencarian pengguna"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr "Lingkup pencarian pengguna"
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr "Filter pencarian pengguna"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr "Objectclass untuk pengguna"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr "Atribut Nama pengguna"
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr "Atribut UID"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr "Atribut GID Primer"
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr "Atribut GECOS"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr "Atribut direktori Home"
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr "Atribut Shell"
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr "Atribut UUID"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr "Atribut utama pengguna (untuk Kerberos)"
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr "Nama Lengkap"
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr "Atribut memberOf"
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr "Atribut waktu modifikasi"
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
#, fuzzy
msgid "shadowMin attribute"
msgstr "Atribut Nama pengguna"
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
#, fuzzy
msgid "shadowMax attribute"
msgstr "Atribut Nama pengguna"
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
#, fuzzy
msgid "shadowWarning attribute"
msgstr "Atribut Nama pengguna"
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
#, fuzzy
msgid "shadowInactive attribute"
msgstr "Atribut Nama pengguna"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
#, fuzzy
msgid "shadowExpire attribute"
msgstr "Atribut Nama pengguna"
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
#, fuzzy
msgid "shadowFlag attribute"
msgstr "Atribut Shell"
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
#, fuzzy
msgid "krbPasswordExpiration attribute"
msgstr "Atribut waktu modifikasi"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
#, fuzzy
msgid "accountExpires attribute of AD"
msgstr "Atribut Nama pengguna"
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
#, fuzzy
msgid "nsAccountLock attribute"
msgstr "Atribut Nama pengguna"
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
#, fuzzy
msgid "loginDisabled attribute of NDS"
msgstr "Atribut Nama pengguna"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
#, fuzzy
msgid "loginExpirationTime attribute of NDS"
msgstr "Atribut Nama pengguna"
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
#, fuzzy
msgid "Base DN for group lookups"
msgstr "Filter pencarian pengguna"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
#, fuzzy
msgid "Objectclass for groups"
msgstr "Objectclass untuk pengguna"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
#, fuzzy
msgid "Group name"
msgstr "Grup"
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
#, fuzzy
msgid "Group password"
msgstr "Grup"
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
#, fuzzy
msgid "GID attribute"
msgstr "Atribut UID"
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
#, fuzzy
msgid "Group member attribute"
msgstr "Atribut memberOf"
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
#, fuzzy
msgid "Group UUID attribute"
msgstr "Atribut UUID"
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
#, fuzzy
msgid "Modification time attribute for groups"
msgstr "Atribut waktu modifikasi"
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
#, fuzzy
msgid "Base DN for netgroup lookups"
msgstr "Filter pencarian pengguna"
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
#, fuzzy
msgid "Objectclass for netgroups"
msgstr "Objectclass untuk pengguna"
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
#, fuzzy
msgid "Netgroups members attribute"
msgstr "Atribut memberOf"
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
#, fuzzy
msgid "Netgroup triple attribute"
msgstr "Atribut waktu modifikasi"
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
#, fuzzy
msgid "Netgroup UUID attribute"
msgstr "Atribut UUID"
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
#, fuzzy
msgid "Modification time attribute for netgroups"
msgstr "Atribut waktu modifikasi"
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr "Daftar pengguna yang diijinkan dalam format yang dipisahkan koma"
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr "Daftar pengguna yang tidak diijinkan dalam format yang dipisahkan koma"
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr "Shell default, /bin/bash"
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
#, fuzzy
msgid "An open file descriptor for the debug logs"
msgstr "Mengatur verbosity dari pencatatan debug"
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -816,35 +837,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr "Otentikasi luring, otentikasi ditolak sampai:"
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr "Sistem sedang luring, perubahan kata sandi tidak dimungkinkan"
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr "Perubahan kata sandi gagal."
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr "Pesan server:"
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr "Kata Sandi Baru: "
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr "Masukkan lagi kata sandi baru:"
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr "Kata sandi:"
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr "Kata sandi saat ini:"
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -961,30 +982,30 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr "Tidak bisa mendapatkan info tentang pengguna\n"
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
"Direktori home milik pengguna sudah ada, tidak menyalin data dari skeldir\n"
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr "Tidak dapat membuat direktori home milik pengguna: %s\n"
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr "Tidak dapat membuat spool mail milik pengguna: %s\n"
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr "Tidak dapat mengalokasikan ID untuk pengguna - domain penuh?\n"
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr "Pengguna atau grup dengan nama atau ID yang sama sudah ada\n"
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr "Kesalahan transaksi. Tidak dapat menambahkan pengguna.\n"
diff --git a/po/it.po b/po/it.po
index 3098ebff..cfc004a7 100644
--- a/po/it.po
+++ b/po/it.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: it\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-04-08 16:50+0200\n"
"Last-Translator: Guido Grazioli <guido.grazioli@gmail.com>\n"
"Language-Team: Italian <trans-it@lists.fedoraproject.org>\n"
@@ -221,580 +221,601 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
+msgstr ""
+
+#: src/config/SSSDConfig.py:98
msgid "IPA domain"
msgstr "Dominio IPA"
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:99
msgid "IPA server address"
msgstr "Indirizzo del server IPA"
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:100
msgid "IPA client hostname"
msgstr "Hostname del client IPA"
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:101
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig.py:101
+#: src/config/SSSDConfig.py:102
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:103
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr "Indirizzo del server Kerberos"
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr "Realm Kerberos"
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr "Timeout di autenticazione"
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr "Directory in cui salvare le credenziali"
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr "Percorso della cache delle credenziali utente"
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr "Percorso del keytab per la validazione delle credenziali"
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr "Abilita la validazione delle credenziali"
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
#, fuzzy
msgid "Enables principal canonicalization"
msgstr "Abilita la validazione delle credenziali"
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Server dove viene eseguito il servizio di cambio password, se non nel KDC"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, l'indirizzo del server LDAP"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr "Il base DN predefinito"
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Lo Schema Type utilizzato dal server LDAP, rfc2307"
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr "Il bind DN predefinito"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr "Il tipo di token di autenticazione del bind DN predefinito"
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr "Il token di autenticazione del bind DN predefinito"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr "Durata del tentativo di connessione"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Durata del tentativo di esecuzione di operazioni LDAP sincrone"
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr "Durata tra tentativi di riconnessione quando offline"
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
#, fuzzy
msgid "File that contains CA certificates"
msgstr "file che contiene certificati CA"
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
#, fuzzy
msgid "File that contains the client certificate"
msgstr "file che contiene certificati CA"
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
#, fuzzy
msgid "File that contains the client key"
msgstr "file che contiene certificati CA"
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr "Richiedere la verifica del certificato TLS"
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr "Specificare il meccanismo sasl da usare"
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr "Specificare l'id di autorizzazione sasl da usare"
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
#, fuzzy
msgid "Specify the sasl authorization realm to use"
msgstr "Specificare l'id di autorizzazione sasl da usare"
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+#, fuzzy
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr "Specificare l'id di autorizzazione sasl da usare"
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr "Keytab del servizio Kerberos"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr "Usare autorizzazione Kerberos per la connessione LDAP"
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr "Seguire i referral LDAP"
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
#, fuzzy
msgid "Lifetime of TGT for LDAP connection"
msgstr "Usare autorizzazione Kerberos per la connessione LDAP"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
#, fuzzy
msgid "Service name for DNS service lookups"
msgstr "Filtro per i lookup utente"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
#, fuzzy
msgid "entryUSN attribute"
msgstr "Attributo UID"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
#, fuzzy
msgid "lastUSN attribute"
msgstr "Attributo UID"
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr "Durata attesa per le richieste di ricerca"
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
#, fuzzy
msgid "Length of time to wait for a enumeration request"
msgstr "Durata attesa per le richieste di ricerca"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr "Durata tra gli aggiornamenti alle enumeration"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
#, fuzzy
msgid "Length of time between cache cleanups"
msgstr "Durata tra gli aggiornamenti alle enumeration"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
#, fuzzy
msgid "Require TLS for ID lookups"
msgstr "Richiedere TLS per gli ID lookup, false"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr "Base DN per i lookup utente"
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr "Ambito di applicazione dei lookup utente"
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr "Filtro per i lookup utente"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr "Objectclass per gli utenti"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr "Attributo del nome utente"
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr "Attributo UID"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr "Attributo del GID primario"
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr "Attributo GECOS"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr "Attributo della home directory"
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr "Attributo della shell"
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr "Attributo UUID"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr "Attributo user principal (per Kerberos)"
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr "Nome completo"
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr "Attributo memberOf"
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr "Attributo data di modifica"
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
#, fuzzy
msgid "shadowMin attribute"
msgstr "Attributo del nome utente"
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
#, fuzzy
msgid "shadowMax attribute"
msgstr "Attributo del nome utente"
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
#, fuzzy
msgid "shadowWarning attribute"
msgstr "Attributo del nome utente"
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
#, fuzzy
msgid "shadowInactive attribute"
msgstr "Attributo del nome utente"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
#, fuzzy
msgid "shadowExpire attribute"
msgstr "Attributo del nome utente"
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
#, fuzzy
msgid "shadowFlag attribute"
msgstr "Attributo della shell"
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
#, fuzzy
msgid "krbPasswordExpiration attribute"
msgstr "Attributo data di modifica"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
#, fuzzy
msgid "accountExpires attribute of AD"
msgstr "Attributo del nome utente"
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
#, fuzzy
msgid "nsAccountLock attribute"
msgstr "Attributo del nome utente"
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
#, fuzzy
msgid "loginDisabled attribute of NDS"
msgstr "Attributo del nome utente"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
#, fuzzy
msgid "loginExpirationTime attribute of NDS"
msgstr "Attributo del nome utente"
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
#, fuzzy
msgid "Base DN for group lookups"
msgstr "Base DN per i lookup utente"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
#, fuzzy
msgid "Objectclass for groups"
msgstr "Objectclass per gli utenti"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
#, fuzzy
msgid "Group name"
msgstr "Gruppi"
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
#, fuzzy
msgid "Group password"
msgstr "Gruppi"
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
#, fuzzy
msgid "GID attribute"
msgstr "Attributo UID"
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
#, fuzzy
msgid "Group member attribute"
msgstr "Attributo memberOf"
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
#, fuzzy
msgid "Group UUID attribute"
msgstr "Attributo UUID"
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
#, fuzzy
msgid "Modification time attribute for groups"
msgstr "Attributo data di modifica"
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
#, fuzzy
msgid "Base DN for netgroup lookups"
msgstr "Base DN per i lookup utente"
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
#, fuzzy
msgid "Objectclass for netgroups"
msgstr "Objectclass per gli utenti"
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
#, fuzzy
msgid "Netgroups members attribute"
msgstr "Attributo memberOf"
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
#, fuzzy
msgid "Netgroup triple attribute"
msgstr "Attributo data di modifica"
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
#, fuzzy
msgid "Netgroup UUID attribute"
msgstr "Attributo UUID"
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
#, fuzzy
msgid "Modification time attribute for netgroups"
msgstr "Attributo data di modifica"
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr "Politica per controllare la scadenza della password"
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr "Lista separata da virgola degli utenti abilitati"
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr "Lista separata da virgola degli utenti non abilitati"
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr "Shell predefinita, /bin/bash"
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr "Base delle home directory"
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr "Il nome della libreria NSS da usare"
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr "Stack PAM da usare"
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr "Esegui come demone (default)"
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr "Esegui interattivamente (non come demone)"
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr "Specificare un file di configurazione specifico"
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr "Livello debug"
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr "Includi timestamp di debug"
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr "Un descrittore di file aperto per l'output di debug"
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr "Dominio del provider di informazioni (obbligatorio)"
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
#, fuzzy
msgid "Unexpected format of the server credential message."
msgstr "Percorso della cache delle credenziali utente"
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -829,35 +850,35 @@ msgstr ", la password in cache scadrà il: "
msgid "Authentication is denied until: "
msgstr "Autenticazione offline, l'autenticazione sarà negata fino a:"
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr "Il sistema è offline, non è possibile richiedere un cambio password"
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr "Cambio password fallito."
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr "Messaggio del server:"
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr "Nuova password: "
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr "Conferma nuova password: "
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr "Password: "
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr "Password corrente: "
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr "Password scaduta. Cambiare la password ora."
@@ -975,31 +996,31 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr "Impossibile determinare le informazioni dell'utente\n"
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
"La directory home dell'utente esiste, non vengono copiati dati dalla "
"directory skeleton\n"
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr "Impossibile creare la directory home dell'utente: %s\n"
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr "Impossibile creare lo spool di mail dell'utente: %s\n"
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr "Impossibile allocare l'ID utente - dominio pieno?\n"
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr "Utente o gruppo con lo stesso nome o ID già presente\n"
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr "Errore nella transazione. L'utente non è stato aggiunto.\n"
diff --git a/po/ja.po b/po/ja.po
index e7bd9050..c5fd5e79 100644
--- a/po/ja.po
+++ b/po/ja.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2011-03-08 15:26+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -209,541 +209,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -777,35 +797,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -921,29 +941,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/ja_JP.po b/po/ja_JP.po
index 9b51a40b..95cb7f1b 100644
--- a/po/ja_JP.po
+++ b/po/ja_JP.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-11-30 04:10+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -209,541 +209,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -777,35 +797,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -921,29 +941,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/ko.po b/po/ko.po
index 1d61997d..0fdf1a35 100644
--- a/po/ko.po
+++ b/po/ko.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-11-30 04:10+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Korean (http://www.transifex.net/projects/p/fedora/team/ko/)\n"
@@ -209,541 +209,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -777,35 +797,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -921,29 +941,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/lt.po b/po/lt.po
index 55fc4ce3..8cb6b86b 100644
--- a/po/lt.po
+++ b/po/lt.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-11-30 04:10+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Lithuanian (http://www.transifex.net/projects/p/fedora/team/"
@@ -211,541 +211,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -779,35 +799,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -923,29 +943,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/nb.po b/po/nb.po
index 0aad440c..7a10ff0f 100644
--- a/po/nb.po
+++ b/po/nb.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-11-30 04:10+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Norwegian Bokmål <i18n-nb@lister.ping.uio.no>\n"
@@ -209,541 +209,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -777,35 +797,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -921,29 +941,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/nl.po b/po/nl.po
index 006bb41d..dca0122d 100644
--- a/po/nl.po
+++ b/po/nl.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd.master.sss_daemon\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2009-11-19 12:19+0100\n"
"Last-Translator: Richard van der Luit <nippur@fedoraproject.org>\n"
"Language-Team: Dutch <nl@li.org>\n"
@@ -210,541 +210,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -778,37 +798,37 @@ msgstr "Wachtwoord is verlopen."
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
#, fuzzy
msgid "Password change failed. "
msgstr "Wachtwoord is verlopen."
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr "Nieuw Wachtwoord: "
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr "Voer nieuw wachtwoord nogmaals in: "
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr "Wachtwoord: "
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
#, fuzzy
msgid "Current Password: "
msgstr "Nieuw Wachtwoord: "
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -924,29 +944,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/nn.po b/po/nn.po
index 4225b330..80e11393 100644
--- a/po/nn.po
+++ b/po/nn.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-11-30 04:10+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Norwegian Nynorsk <i18n-nn@lister.ping.uio.no>\n"
@@ -209,541 +209,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -777,35 +797,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -921,29 +941,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/pl.po b/po/pl.po
index d7ecc697..5fe187fa 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2011-03-08 15:07+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Polish <None>\n"
@@ -224,554 +224,575 @@ msgstr "Część domeny zapytania DNS wykrywania usługi"
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
+msgstr ""
+
+#: src/config/SSSDConfig.py:98
msgid "IPA domain"
msgstr "Domena IPA"
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:99
msgid "IPA server address"
msgstr "Adres serwera IPA"
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:100
msgid "IPA client hostname"
msgstr "Nazwa komputera klienta IPA"
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:101
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
"Czy automatycznie aktualizować wpis DNS klienta w oprogramowaniu FreeIPA"
-#: src/config/SSSDConfig.py:101
+#: src/config/SSSDConfig.py:102
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
"Interfejs, którego adres IP powinien być używany do dynamicznych "
"aktualizacji DNS"
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:103
msgid "Search base for HBAC related objects"
msgstr "Wyszukiwanie podstawy pod kątem obiektów związanych z HBAC"
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr "Adres serwera Kerberos"
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr "Obszar Kerberos"
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr "Czas oczekiwania na uwierzytelnienie"
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
"Katalog do przechowywania pamięci podręcznych danych uwierzytelniających"
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr "Położenie pamięci podręcznej danych uwierzytelniających użytkownika"
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr "Położenie tablicy kluczy do sprawdzania danych uwierzytelniających"
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr "Włącza sprawdzanie danych uwierzytelniających"
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
"Przechowuje hasło, jeśli w trybie offline do późniejszego uwierzytelnienia w "
"trybie online"
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr "Odnawialny czas trwania TGT"
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr "Czas trwania TGT"
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr "Czas między dwoma sprawdzaniami odnowy"
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr "Włącza FAST"
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
#, fuzzy
msgid "Enables principal canonicalization"
msgstr "Włącza sprawdzanie danych uwierzytelniających"
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Serwer, w którym jest uruchomiona usługa zmiany haseł, jeśli nie znajduje "
"się w KDC"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, adres URI serwera LDAP"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr "Domyślna podstawowa DN"
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Typ Schema do użycia na serwerze LDAP, RFC2307"
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr "Domyślne DN dowiązania"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr "Typ tokenu uwierzytelniania domyślnego DN dowiązania"
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr "Token uwierzytelniania domyślnego DN dowiązania"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr "Czas do próby połączenia"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Czas do próby synchronicznych działań LDAP"
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr "Czas między próbami ponownego połączenia w trybie offline"
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr "Użycie tylko małych znaków w nazwach obszarów"
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr "Plik zawierający certyfikaty CA"
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr "Ścieżka do katalogu certyfikatów CA"
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr "Plik zawierający certyfikat klienta"
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr "Plik zawierający klucz klienta"
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr "Lista możliwych zestawów szyfrów"
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr "Wymaga sprawdzenia certyfikatu TLS"
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr "Podaje używany mechanizm SASL"
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr "Podaje używany identyfikator upoważnienia SASL"
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
#, fuzzy
msgid "Specify the sasl authorization realm to use"
msgstr "Podaje używany identyfikator upoważnienia SASL"
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+#, fuzzy
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr "Podaje używany identyfikator upoważnienia SASL"
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr "Tablica kluczy usługi Kerberos"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr "Używa uwierzytelniania Kerberos dla połączenia LDAP"
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr "Podąża za odsyłaniami LDAP"
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr "Czas trwania TGT dla połączenia LDAP"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr "Jak wskazywać aliasy"
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr "Nazwa usługi do wyszukiwań usługi DNS"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr "Atrybut entryUSN"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr "Atrybut lastUSN"
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr "Czas oczekiwania na żądanie wyszukiwania"
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr "Czas oczekiwania na żądanie wyliczenia"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr "Czas między aktualizacjami wyliczania"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr "Czas między czyszczeniem pamięci podręcznej"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr "Wymaga TLS dla wyszukiwania identyfikatorów"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr "Podstawowe DN dla wyszukiwania użytkowników"
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr "Zakres wyszukiwania użytkowników"
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr "Filtruje wyszukiwania użytkowników"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr "Klasa obiektów dla użytkowników"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr "Atrybut nazwy użytkownika"
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr "Atrybut UID"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr "Pierwszy atrybut GID"
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr "Atrybut GECOS"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr "Atrybut katalogu domowego"
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr "Atrybut powłoki"
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr "Atrybut UUID"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr "Atrybut głównego użytkownika (dla Kerberos)"
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr "Imię i nazwisko"
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr "Atrybut memberOf"
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr "Atrybut czasu modyfikacji"
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr "Atrybut shadowLastChange"
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr "Atrybut shadowMin"
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr "Atrybut shadowMax"
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr "Atrybut shadowWarning"
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr "Atrybut shadowInactive"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr "Atrybut shadowExpire"
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr "Atrybut shadowFlag"
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr "Atrybut zawierający listę upoważnionych usług PAM"
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
#, fuzzy
msgid "Attribute listing authorized server hosts"
msgstr "Atrybut zawierający listę upoważnionych usług PAM"
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr "Atrybut krbLastPwdChange"
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr "Atrybut krbPasswordExpiration"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr "Atrybut wskazujący, czy polityki haseł po stronie serwera są aktywne"
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr "Atrybut accountExpires AD"
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr "Atrybut userAccountControl AD"
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr "Atrybut nsAccountLock"
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
#, fuzzy
msgid "loginDisabled attribute of NDS"
msgstr "Atrybut accountExpires AD"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
#, fuzzy
msgid "loginExpirationTime attribute of NDS"
msgstr "Atrybut accountExpires AD"
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr "Podstawowe DN dla wyszukiwania grup"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr "Klasa obiektów dla grup"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr "Nazwa grupy"
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr "Hasło grupy"
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr "Atrybut GID"
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr "Atrybut elementu grupy"
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr "Atrybut UUID grupy"
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr "Atrybut czasu modyfikacji grup"
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr "Maksymalny poziom zagnieżdżenia, jaki usługa SSSD będzie używała"
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr "Podstawowe DN dla wyszukiwania grupy sieciowej"
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr "Klasa obiektów dla grup sieciowych"
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr "Nazwa grupy sieciowej"
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr "Atrybut elementów grupy sieciowej"
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr "Potrójny atrybut grupy sieciowej"
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr "Atrybut UUID grupy sieciowej"
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr "Atrybut czasu modyfikacji grup sieciowych"
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr "Polityka do oszacowania wygaszenia hasła"
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr "Filtr LDAP do określenia uprawnień dostępu"
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr "Które atrybuty powinny być używane do sprawdzenia, czy konto wygasło"
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr "Które reguły powinny być używane do sprawdzania kontroli dostępu"
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr "Adres URI serwera LDAP, gdzie zmiany hasła są dozwolone"
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr "Nazwa usługi DNS serwera zmiany hasła LDAP"
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr "Lista dozwolonych użytkowników oddzielonych przecinkami"
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr "Lista zabronionych użytkowników oddzielonych przecinkami"
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr "Domyślna powłoka, /bin/bash"
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr "Podstawa katalogów domowych"
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr "Nazwa używanej biblioteki NSS"
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr "Używany stos PAM"
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr "Uruchamia jako demon (domyślnie)"
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr "Uruchamia interaktywnie (nie jako demon)"
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr "Podaje niedomyślny plik konfiguracji"
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr "Poziom debugowania"
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr "Dodaje czasy debugowania"
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr "Otwiera deskryptor pliku dla dzienników debugowania"
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr "Domena dostawcy informacji (wymagane)"
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr "Uprawnione gniazdo posiada błędnego właściciela lub uprawnienia."
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr "Publiczne gniazdo posiada błędnego właściciela lub uprawnienia"
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr "Nieoczekiwany format komunikatu uwierzytelniającego serwera."
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr "SSSD nie zostało uruchomione w trybie roota."
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr "Wystąpił błąd, ale nie odnaleziono jego opisu."
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr "Nieoczekiwany błąd podczas wyszukiwania opisu błędu"
@@ -805,35 +826,35 @@ msgstr "Hasło wygaśnie za %d %s."
msgid "Authentication is denied until: "
msgstr "Uwierzytelnianie jest zabronione do: "
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr "System jest w trybie offline, zmiana hasła nie jest możliwa"
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr "Zmiana hasła nie powiodła się. "
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr "Komunikat serwera: "
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr "Nowe hasło: "
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr "Proszę ponownie podać nowe hasło: "
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr "Hasło: "
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr "Bieżące hasło: "
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr "Hasło wygasło. Proszę je zmienić teraz."
@@ -949,33 +970,33 @@ msgstr "Nie można ustawić kontekstu loginu SELinuksa\n"
msgid "Cannot get info about the user\n"
msgstr "Nie można uzyskać informacji o użytkowniku\n"
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
"Katalog domowy użytkownika już istnieje, dane z katalogu szkieletu nie "
"zostaną skopiowane\n"
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr "Nie można utworzyć katalogu domowego użytkownika: %s\n"
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr "Nie można utworzyć buforu poczty użytkownika: %s\n"
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
"Nie można przydzielić identyfikatora użytkownikowi - czy domena jest pełna?\n"
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
"Użytkownik lub grupa o tej samej nazwie lub identyfikatorze już istnieje\n"
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr "Błąd transakcji. Nie można dodać użytkownika.\n"
diff --git a/po/pt.po b/po/pt.po
index 98ebc91b..e483b062 100644
--- a/po/pt.po
+++ b/po/pt.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd.master.sss_daemon\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-02-23 13:59+0100\n"
"Last-Translator: Rui Gouveia <rui.gouveia@gmail.com>\n"
"Language-Team: fedora-trans-pt@redhat.com\n"
@@ -221,579 +221,600 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
+msgstr ""
+
+#: src/config/SSSDConfig.py:98
msgid "IPA domain"
msgstr "Domínio IPA"
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:99
msgid "IPA server address"
msgstr "Endereço do servidor IPA"
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:100
msgid "IPA client hostname"
msgstr "Nome da máquina do cliente IPA"
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:101
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig.py:101
+#: src/config/SSSDConfig.py:102
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:103
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr "Endereço do servidor Kerberos"
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr "Reino Kerberos"
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr "Tempo de expiração da autenticação"
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr "Directório para armazenar as caches de credenciais"
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr "Localização da cache de credenciais dos utilizadores"
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr "Localização da tabela de chaves (keytab) para validar credenciais"
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr "Activar validação de credenciais"
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
#, fuzzy
msgid "Enables principal canonicalization"
msgstr "Activar validação de credenciais"
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Servidor onde está em execução o serviço de alteração de senha, se não "
"coincide com o KDC"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, O URI do servidor LDAP"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr "A base DN por omissão"
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "O tipo de Schema em utilização no servidor LDAP, rfc2307"
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr "O DN por omissão para a ligação"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr "O tipo de token de autenticação do bind DN por omissão"
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr "O token de autenticação do bind DN por omissão"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr "Período de tempo para tentar ligação"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Tempo de espera para tentar operações LDAP síncronas"
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr "Tempo de espera entre tentativas para re-conectar quando desligado"
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr "Ficheiro que contêm os certificados CA"
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr "Caminho para o directório do certificado CA"
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
#, fuzzy
msgid "File that contains the client certificate"
msgstr "Ficheiro que contêm os certificados CA"
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
#, fuzzy
msgid "File that contains the client key"
msgstr "Ficheiro que contêm os certificados CA"
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr "Obriga a verificação de certificados TLS"
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr "Especificar mecanismo sasl a utilizar"
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr "Especifique o id sasl para utilizar na autorização"
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
#, fuzzy
msgid "Specify the sasl authorization realm to use"
msgstr "Especifique o id sasl para utilizar na autorização"
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+#, fuzzy
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr "Especifique o id sasl para utilizar na autorização"
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr "Separador chave do serviço Kerberos"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr "Utilizar autenticação Kerberos para ligações LDAP"
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr "Seguir os referrals LDAP"
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
#, fuzzy
msgid "Lifetime of TGT for LDAP connection"
msgstr "Utilizar autenticação Kerberos para ligações LDAP"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
#, fuzzy
msgid "Service name for DNS service lookups"
msgstr "Filtro para as pesquisas do utilizador"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
#, fuzzy
msgid "entryUSN attribute"
msgstr "Atributo UID"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
#, fuzzy
msgid "lastUSN attribute"
msgstr "Atributo UID"
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr "Tempo de espera por um pedido de pesquisa"
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
#, fuzzy
msgid "Length of time to wait for a enumeration request"
msgstr "Tempo de espera por um pedido de pesquisa"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr "Período de tempo entre enumeração de actualizações"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
#, fuzzy
msgid "Length of time between cache cleanups"
msgstr "Período de tempo entre enumeração de actualizações"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr "Requer TLS para consultas de ID"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr "DN base para pesquisa de utilizadores"
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr "Âmbito das pesquisas do utilizador"
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr "Filtro para as pesquisas do utilizador"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr "Objectclass para utilizadores"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr "Atributo do nome do utilizador"
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr "Atributo UID"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr "Atributo GID primário"
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr "Atributo GECOS"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr "Atributo da pasta pessoal"
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr "Atributo da Shell"
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr "Atributo UUID"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr "Atributo principal do utilizador (para Kerberos)"
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr "Nome Completo"
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr "Atributo memberOf"
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr "Atributo da alteração da data"
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
#, fuzzy
msgid "shadowMin attribute"
msgstr "Atributo do nome do utilizador"
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
#, fuzzy
msgid "shadowMax attribute"
msgstr "Atributo do nome do utilizador"
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
#, fuzzy
msgid "shadowWarning attribute"
msgstr "Atributo do nome do utilizador"
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
#, fuzzy
msgid "shadowInactive attribute"
msgstr "Atributo do nome do utilizador"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
#, fuzzy
msgid "shadowExpire attribute"
msgstr "Atributo do nome do utilizador"
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
#, fuzzy
msgid "shadowFlag attribute"
msgstr "Atributo da Shell"
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
#, fuzzy
msgid "krbPasswordExpiration attribute"
msgstr "Atributo da alteração da data"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
#, fuzzy
msgid "accountExpires attribute of AD"
msgstr "Atributo do nome do utilizador"
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
#, fuzzy
msgid "nsAccountLock attribute"
msgstr "Atributo do nome do utilizador"
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
#, fuzzy
msgid "loginDisabled attribute of NDS"
msgstr "Atributo do nome do utilizador"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
#, fuzzy
msgid "loginExpirationTime attribute of NDS"
msgstr "Atributo do nome do utilizador"
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
#, fuzzy
msgid "Base DN for group lookups"
msgstr "DN base para pesquisa de utilizadores"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
#, fuzzy
msgid "Objectclass for groups"
msgstr "Objectclass para utilizadores"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
#, fuzzy
msgid "Group name"
msgstr "Grupos"
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
#, fuzzy
msgid "Group password"
msgstr "Grupos"
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
#, fuzzy
msgid "GID attribute"
msgstr "Atributo UID"
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
#, fuzzy
msgid "Group member attribute"
msgstr "Atributo memberOf"
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
#, fuzzy
msgid "Group UUID attribute"
msgstr "Atributo UUID"
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
#, fuzzy
msgid "Modification time attribute for groups"
msgstr "Atributo da alteração da data"
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
#, fuzzy
msgid "Base DN for netgroup lookups"
msgstr "DN base para pesquisa de utilizadores"
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
#, fuzzy
msgid "Objectclass for netgroups"
msgstr "Objectclass para utilizadores"
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
#, fuzzy
msgid "Netgroups members attribute"
msgstr "Atributo memberOf"
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
#, fuzzy
msgid "Netgroup triple attribute"
msgstr "Atributo da alteração da data"
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
#, fuzzy
msgid "Netgroup UUID attribute"
msgstr "Atributo UUID"
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
#, fuzzy
msgid "Modification time attribute for netgroups"
msgstr "Atributo da alteração da data"
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr "Politica para avaliar a expiração da senha"
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr "Lista de utilizadores autorizados separados por vírgulas"
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr "Lista de utilizadores não autorizados separados por vírgulas"
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr "Shell pré-definida, /bin/bash"
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr "Directório base para as pastas pessoais"
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr "O nome da biblioteca NSS a utilizar"
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr "Stack PAM a utilizar"
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr "Tornar-se num serviço (omissão)"
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr "Executar interactivamente (não como serviço)"
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr "Especificar um ficheiro de configuração não standard"
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr "Nível de depuração"
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr "Adicionar tempos na depuração"
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr "Um descritor de ficheiro aberto para os registos de depuração"
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr "Domínio do fornecedor de informação (obrigatório)"
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
#, fuzzy
msgid "Unexpected format of the server credential message."
msgstr "Localização da cache de credenciais dos utilizadores"
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -828,35 +849,35 @@ msgstr "A sua senha irá expirar em %d %s."
msgid "Authentication is denied until: "
msgstr "Autenticação offline, a autenticação é negada até: "
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr "O sistema está offline, a mudança de senha não é possível"
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr "Alteração da senha falhou."
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr "Mensagem do Servidor: "
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr "Nova Senha: "
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr "Digite a senha novamente: "
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr "Senha: "
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr "Senha actual: "
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr "A senha expirou. Altere a sua senha agora."
@@ -973,30 +994,30 @@ msgstr "Não foi possível definir o contexto SELinux para a sessão\n"
msgid "Cannot get info about the user\n"
msgstr "Incapaz de obter informação acerca do utilizador\n"
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
"A pasta pessoal do utilizador já existe. Conteúdo skeldir não copiado\n"
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr "Incapaz de criar pasta pessoal do utilizador: %s\n"
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr "Incapaz de criar o ficheiro de correio do utilizador: %s\n"
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr "Incapaz de alocar um ID para o utilizador - domínio cheio?\n"
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr "Já existe um utilizador ou grupo com o mesmo nome ou ID\n"
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr "Erro na transacção. Não foi possível adicionar o utilizador.\n"
diff --git a/po/pt_BR.po b/po/pt_BR.po
index f5478b2f..28b6236f 100644
--- a/po/pt_BR.po
+++ b/po/pt_BR.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-11-30 04:10+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Portuguese (Brazilian) <trans-pt_br@lists.fedoraproject.org>\n"
@@ -209,541 +209,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -777,35 +797,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -921,29 +941,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/ru.po b/po/ru.po
index 6369fa2a..b85d2c82 100644
--- a/po/ru.po
+++ b/po/ru.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: ru\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-04-07 21:39+0300\n"
"Last-Translator: Dmitry Drozdov <dmi3652@gmail.com>\n"
"Language-Team: Russian <fedora-trans-ru@redhat.com>\n"
@@ -220,581 +220,602 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
+msgstr ""
+
+#: src/config/SSSDConfig.py:98
msgid "IPA domain"
msgstr "IPA-домен"
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:99
msgid "IPA server address"
msgstr "адрес сервера IPA"
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:100
msgid "IPA client hostname"
msgstr "имя узла клиента IPA"
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:101
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig.py:101
+#: src/config/SSSDConfig.py:102
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:103
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr "Имя сервера Kerberos"
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr "Область действия Kerberos"
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr "Тайм-аут проверки подлинности"
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr "Каталог для хранения кэшей учётных данных"
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr "Расположения кэша учётных данных пользователей"
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr "Расположение keytab-файла для проверки учётных данных"
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr "Включить проверку учётных данных"
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
#, fuzzy
msgid "Enables principal canonicalization"
msgstr "Включить проверку учётных данных"
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr "Сервер, на котором запущена служба смены пароля (если не на KDC)"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, URI сервера LDAP "
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr "Base DN по умолчанию"
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Тип схемы, используемой на LDAP-сервере, rfc2307"
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr "Bind DN по умолчанию"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr "Тип маркера проверки подлинности для bind DN по умолчанию"
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr "Маркер проверки подлинности для bind DN по умолчанию"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr "Временной интервал для попытки соединения"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Временной интервал для попытки синхронизации операций LDAP"
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
"Временной интервал между попытками возобновления соединения в автономного "
"режиме"
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
#, fuzzy
msgid "File that contains CA certificates"
msgstr "Файл, содержащий CA сертификаты"
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
#, fuzzy
msgid "File that contains the client certificate"
msgstr "Файл, содержащий CA сертификаты"
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
#, fuzzy
msgid "File that contains the client key"
msgstr "Файл, содержащий CA сертификаты"
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr "Требуется проверка сертификата TLS"
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr "Укажите механизм sasl"
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr "Укажите идентификатор авторизации sasl"
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
#, fuzzy
msgid "Specify the sasl authorization realm to use"
msgstr "Укажите идентификатор авторизации sasl"
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+#, fuzzy
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr "Укажите идентификатор авторизации sasl"
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr "Keytab-файл службы Kerberos"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr "Использовать проверку подлинности Kerberos для LDAP-соединения"
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr "Следовать ссылкам LDAP"
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
#, fuzzy
msgid "Lifetime of TGT for LDAP connection"
msgstr "Использовать проверку подлинности Kerberos для LDAP-соединения"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
#, fuzzy
msgid "Service name for DNS service lookups"
msgstr "Фильтр поиска"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
#, fuzzy
msgid "entryUSN attribute"
msgstr "Атрибут «UID»"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
#, fuzzy
msgid "lastUSN attribute"
msgstr "Атрибут «UID»"
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr "Временной интервал, в течение которого ожидать поискового запроса"
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
#, fuzzy
msgid "Length of time to wait for a enumeration request"
msgstr "Временной интервал, в течение которого ожидать поискового запроса"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr "Временной интервал между обновлениями перечисления"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
#, fuzzy
msgid "Length of time between cache cleanups"
msgstr "Временной интервал между обновлениями перечисления"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
#, fuzzy
msgid "Require TLS for ID lookups"
msgstr "Требуется TLS для поиска ID"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr "Base DN для поиска"
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr "Глубина поиска"
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr "Фильтр поиска"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr "Objectclass для пользователей"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr "Атрибут «username»"
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr "Атрибут «UID»"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr "Атрибут «primary GID»"
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr "Атрибут «GECOS»"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr "Атрибут домашнего каталога"
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr "Атрибут оболочки"
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr "Атрибут «UUID»"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr "Атрибут участника-пользователя (для Kerberos)"
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr "Полное имя"
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr "Атрибут memberOf"
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr "Атрибут времени изменения"
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
#, fuzzy
msgid "shadowMin attribute"
msgstr "Атрибут «username»"
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
#, fuzzy
msgid "shadowMax attribute"
msgstr "Атрибут «username»"
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
#, fuzzy
msgid "shadowWarning attribute"
msgstr "Атрибут «username»"
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
#, fuzzy
msgid "shadowInactive attribute"
msgstr "Атрибут «username»"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
#, fuzzy
msgid "shadowExpire attribute"
msgstr "Атрибут «username»"
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
#, fuzzy
msgid "shadowFlag attribute"
msgstr "Атрибут оболочки"
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
#, fuzzy
msgid "krbPasswordExpiration attribute"
msgstr "Атрибут времени изменения"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
#, fuzzy
msgid "accountExpires attribute of AD"
msgstr "Атрибут «username»"
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
#, fuzzy
msgid "nsAccountLock attribute"
msgstr "Атрибут «username»"
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
#, fuzzy
msgid "loginDisabled attribute of NDS"
msgstr "Атрибут «username»"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
#, fuzzy
msgid "loginExpirationTime attribute of NDS"
msgstr "Атрибут «username»"
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
#, fuzzy
msgid "Base DN for group lookups"
msgstr "Base DN для поиска"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
#, fuzzy
msgid "Objectclass for groups"
msgstr "Objectclass для пользователей"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
#, fuzzy
msgid "Group name"
msgstr "Группы"
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
#, fuzzy
msgid "Group password"
msgstr "Группы"
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
#, fuzzy
msgid "GID attribute"
msgstr "Атрибут «UID»"
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
#, fuzzy
msgid "Group member attribute"
msgstr "Атрибут memberOf"
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
#, fuzzy
msgid "Group UUID attribute"
msgstr "Атрибут «UUID»"
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
#, fuzzy
msgid "Modification time attribute for groups"
msgstr "Атрибут времени изменения"
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
#, fuzzy
msgid "Base DN for netgroup lookups"
msgstr "Base DN для поиска"
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
#, fuzzy
msgid "Objectclass for netgroups"
msgstr "Objectclass для пользователей"
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
#, fuzzy
msgid "Netgroups members attribute"
msgstr "Атрибут memberOf"
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
#, fuzzy
msgid "Netgroup triple attribute"
msgstr "Атрибут времени изменения"
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
#, fuzzy
msgid "Netgroup UUID attribute"
msgstr "Атрибут «UUID»"
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
#, fuzzy
msgid "Modification time attribute for netgroups"
msgstr "Атрибут времени изменения"
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr "Политика вычисления окончания срока действия пароля"
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr "Разделённый запятыми список разрешённых пользователей"
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr "Разделённый запятыми список запрещённых пользователей"
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr "Оболочка по умолчанию, /bin/bash"
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr "Место для домашних каталогов"
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr "Имя используемой библиотеки NSS"
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr "Используемый стек PAM"
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr "Запускаться в качестве службы (по умолчанию)"
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr "Запускаться интерактивно (не службой)"
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr "Указать файл конфигурации"
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr "Уровень отладки"
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr "Добавить отладочные отметки времени"
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr "Открытый дескриптор файла для журналов отладки"
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr "Домен поставщика информации (обязательный)"
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
#, fuzzy
msgid "Unexpected format of the server credential message."
msgstr "Расположения кэша учётных данных пользователей"
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -829,35 +850,35 @@ msgstr ", срок действия вашего кэшированного па
msgid "Authentication is denied until: "
msgstr "Автономная проверка подлинности, проверка подлинности запрещена до:"
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr "Система находится в автономном режиме, невозможно сменить пароль"
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr "Не удалось сменить пароль."
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr "Сообщение сервера:"
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr "Новый пароль:"
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr "Введите новый пароль ещё раз:"
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr "Пароль:"
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr "Текущий пароль:"
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr "Срок действия пароля истёк. Необходимо сейчас изменить ваш пароль."
@@ -976,31 +997,31 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr "Не удалось получить информацию о пользователе\n"
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
"Домашний каталог пользователя уже существует, копирования данных из "
"скелетной директории выполнено не будет\n"
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr "Не удалось создать домашний каталог пользователя: %s\n"
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr "Не удалось создать пользовательскую почтовую очередь: %s\n"
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr "Для пользователя не удалось выделить ID - домен заполнен?\n"
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr "Пользователь или группа с таким именем или ID уже существует\n"
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr "Ошибка в транзакции. Невозможно добавить пользователя.\n"
diff --git a/po/sk.po b/po/sk.po
index 5995f52b..81bd078e 100644
--- a/po/sk.po
+++ b/po/sk.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-11-30 04:10+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Slovak (http://www.transifex.net/projects/p/fedora/team/sk/)\n"
@@ -209,541 +209,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -777,35 +797,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -921,29 +941,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/sq.po b/po/sq.po
index 1e83d192..afe96751 100644
--- a/po/sq.po
+++ b/po/sq.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-11-30 04:10+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Albanian (http://www.transifex.net/projects/p/fedora/team/"
@@ -210,541 +210,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -778,35 +798,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -922,29 +942,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/sr.po b/po/sr.po
index c951164b..37753ebf 100644
--- a/po/sr.po
+++ b/po/sr.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-11-30 04:10+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Serbian <trans-sr@lists.fedoraproject.org>\n"
@@ -210,541 +210,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -778,35 +798,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -922,29 +942,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/sssd.pot b/po/sssd.pot
index b7b07e9f..225e92e2 100644
--- a/po/sssd.pot
+++ b/po/sssd.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -209,541 +209,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -777,35 +797,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -921,29 +941,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/sv.po b/po/sv.po
index ad48fa10..65f21177 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sss_server\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2009-12-30 17:58+0100\n"
"Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n"
"Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n"
@@ -213,580 +213,601 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
+msgstr ""
+
+#: src/config/SSSDConfig.py:98
msgid "IPA domain"
msgstr "IPA-domän"
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:99
msgid "IPA server address"
msgstr "IPA-serveradress"
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:100
msgid "IPA client hostname"
msgstr "IPA-klienvärdnamn"
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:101
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig.py:101
+#: src/config/SSSDConfig.py:102
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:103
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr "Kerberosserveradress"
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr "Kerberosrike"
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr "Autentiseringstidsgräns"
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr "Katalog att lagra kreditiv-cachar i"
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr "Plats för användarens kreditiv-cache"
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr "Plats för nyckeltabellen för att validera kreditiv"
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr "Aktivera validering av kreditiv"
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
#, fuzzy
msgid "Enables principal canonicalization"
msgstr "Aktivera validering av kreditiv"
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, URI:n för LDAP-servern"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr "Standard bas-DN"
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Schematypen som används i LDAP-servern, rfc2307"
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr "Standard bindnings-DN"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr "Typen på autenticerings-token för standard bindnings-DN"
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr "Autenticerings-token för standard bindnings-DN"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr "Tidslängd att försöka ansluta"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Tidslängd att försök synkrona LDAP-operationer"
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr "Tidslängd mellan försök att återansluta under frånkoppling"
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
#, fuzzy
msgid "File that contains CA certificates"
msgstr "fil som innehåller CA-certifikat"
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
#, fuzzy
msgid "File that contains the client certificate"
msgstr "fil som innehåller CA-certifikat"
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
#, fuzzy
msgid "File that contains the client key"
msgstr "fil som innehåller CA-certifikat"
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr "Kräv TLS-certifikatverifiering"
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr "Ange sasl-mekanismen att använda"
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr "Ange sasl-auktorisering-id att använda"
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
#, fuzzy
msgid "Specify the sasl authorization realm to use"
msgstr "Ange sasl-auktorisering-id att använda"
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+#, fuzzy
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr "Ange sasl-auktorisering-id att använda"
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr "Kerberostjänstens nyckeltabell"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr "Avnänd Kerberosautenticering för LDAP-anslutning"
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
#, fuzzy
msgid "Lifetime of TGT for LDAP connection"
msgstr "Avnänd Kerberosautenticering för LDAP-anslutning"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
#, fuzzy
msgid "Service name for DNS service lookups"
msgstr "Filter för användaruppslagningar"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
#, fuzzy
msgid "entryUSN attribute"
msgstr "UID-attribut"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
#, fuzzy
msgid "lastUSN attribute"
msgstr "UID-attribut"
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr "Tidslängd att vänta på en sökbegäran"
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
#, fuzzy
msgid "Length of time to wait for a enumeration request"
msgstr "Tidslängd att vänta på en sökbegäran"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr "Tidslängd mellan uppräkningsuppdateringar"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
#, fuzzy
msgid "Length of time between cache cleanups"
msgstr "Tidslängd mellan uppräkningsuppdateringar"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
#, fuzzy
msgid "Require TLS for ID lookups"
msgstr "Kräv TLS för ID-uppslagningar, falsk"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr "Bas-DN för användaruppslagningar"
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr "Omfång av användaruppslagningar"
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr "Filter för användaruppslagningar"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr "Objektklass för användare"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr "Användarnamnsattribut"
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr "UID-attribut"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr "Primärt GID-attribut"
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr "GECOS-attribut"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr "Hemkatalogattribut"
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr "Skalattribut"
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr "UUID-attribut"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr "Användarens huvudmansattribut (för Kerberos)"
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr "Fullständigt namn"
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr "medlemAv-attribut"
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr "Modifieringstidsattribut"
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
#, fuzzy
msgid "shadowMin attribute"
msgstr "Användarnamnsattribut"
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
#, fuzzy
msgid "shadowMax attribute"
msgstr "Användarnamnsattribut"
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
#, fuzzy
msgid "shadowWarning attribute"
msgstr "Användarnamnsattribut"
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
#, fuzzy
msgid "shadowInactive attribute"
msgstr "Användarnamnsattribut"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
#, fuzzy
msgid "shadowExpire attribute"
msgstr "Användarnamnsattribut"
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
#, fuzzy
msgid "shadowFlag attribute"
msgstr "Skalattribut"
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
#, fuzzy
msgid "krbPasswordExpiration attribute"
msgstr "Modifieringstidsattribut"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
#, fuzzy
msgid "accountExpires attribute of AD"
msgstr "Användarnamnsattribut"
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
#, fuzzy
msgid "nsAccountLock attribute"
msgstr "Användarnamnsattribut"
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
#, fuzzy
msgid "loginDisabled attribute of NDS"
msgstr "Användarnamnsattribut"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
#, fuzzy
msgid "loginExpirationTime attribute of NDS"
msgstr "Användarnamnsattribut"
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
#, fuzzy
msgid "Base DN for group lookups"
msgstr "Bas-DN för användaruppslagningar"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
#, fuzzy
msgid "Objectclass for groups"
msgstr "Objektklass för användare"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
#, fuzzy
msgid "Group name"
msgstr "Grupper"
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
#, fuzzy
msgid "Group password"
msgstr "Grupper"
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
#, fuzzy
msgid "GID attribute"
msgstr "UID-attribut"
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
#, fuzzy
msgid "Group member attribute"
msgstr "medlemAv-attribut"
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
#, fuzzy
msgid "Group UUID attribute"
msgstr "UUID-attribut"
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
#, fuzzy
msgid "Modification time attribute for groups"
msgstr "Modifieringstidsattribut"
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
#, fuzzy
msgid "Base DN for netgroup lookups"
msgstr "Bas-DN för användaruppslagningar"
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
#, fuzzy
msgid "Objectclass for netgroups"
msgstr "Objektklass för användare"
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
#, fuzzy
msgid "Netgroups members attribute"
msgstr "medlemAv-attribut"
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
#, fuzzy
msgid "Netgroup triple attribute"
msgstr "Modifieringstidsattribut"
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
#, fuzzy
msgid "Netgroup UUID attribute"
msgstr "UUID-attribut"
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
#, fuzzy
msgid "Modification time attribute for netgroups"
msgstr "Modifieringstidsattribut"
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr "Policy för att utvärdera utgång av lösenord"
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr "Standardskal, /bin/bash"
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr "Bas för hemkataloger"
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr "Namnet på NSS-biblioteket att använda"
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr "PAM-stack att använda"
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
#, fuzzy
msgid "An open file descriptor for the debug logs"
msgstr "Ange pratsamhet för felsökningsloggning"
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
#, fuzzy
msgid "Unexpected format of the server credential message."
msgstr "Plats för användarens kreditiv-cache"
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -821,37 +842,37 @@ msgstr "Lösenordet har gått ut."
msgid "Authentication is denied until: "
msgstr "Autentiseringstidsgräns"
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
#, fuzzy
msgid "Password change failed. "
msgstr "Leverantör av lösenordsändringar"
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr "Nytt lösenord: "
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr "Skriv det nya lösenordet igen: "
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr "Lösenord: "
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
#, fuzzy
msgid "Current Password: "
msgstr "Nytt lösenord: "
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -969,31 +990,31 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr "Kan inte få information om användaren\n"
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
"Användarens hemkatalog finns redan, kopierar inte data från "
"skelettkatalogen\n"
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr "Kan inte skapa användarens hemkatalog: %s\n"
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr "Kan inte skapa användarens brevlåda: %s\n"
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr "Det gick inte att allokera ID för användaren - full domän?\n"
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr "En användare eller grupp med samma namn eller ID finns redan\n"
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr "Transaktionsfel. Det gick inte att lägga till användaren.\n"
diff --git a/po/ta.po b/po/ta.po
index e86692a6..9739a8c9 100644
--- a/po/ta.po
+++ b/po/ta.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-11-30 04:10+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Tamil <tamil-users@lists.fedoraproject.org>\n"
@@ -209,541 +209,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -777,35 +797,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -921,29 +941,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/tr.po b/po/tr.po
index d399f124..1ee0b381 100644
--- a/po/tr.po
+++ b/po/tr.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-11-30 04:10+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Turkish (http://www.transifex.net/projects/p/fedora/team/"
@@ -210,541 +210,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -778,35 +798,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -922,29 +942,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/uk.po b/po/uk.po
index 9ca068ee..8d7089e9 100644
--- a/po/uk.po
+++ b/po/uk.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2011-03-08 15:07+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -225,556 +225,577 @@ msgstr "Частина запиту щодо виявлення служби DNS
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
+msgstr ""
+
+#: src/config/SSSDConfig.py:98
msgid "IPA domain"
msgstr "Домен IPA"
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:99
msgid "IPA server address"
msgstr "Адреса сервера IPA"
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:100
msgid "IPA client hostname"
msgstr "Назва вузла клієнта IPA"
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:101
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
"Визначає, чи слід автоматично оновлювати запис DNS клієнтського вузла у "
"FreeIPA"
-#: src/config/SSSDConfig.py:101
+#: src/config/SSSDConfig.py:102
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
"Інтерфейс, чию адресу IP має бути використано для динамічних оновлень DNS"
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:103
msgid "Search base for HBAC related objects"
msgstr "Шукати у базі об’єкти, пов’язані з HBAC"
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr "Адреса сервера Kerberos"
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr "Область Kerberos"
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr "Час очікування на розпізнавання"
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr "Каталог, де зберігатиметься кеш реєстраційних даних"
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr "Адреса кешу реєстраційних даних користувача"
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr "Адреса таблиці ключів для перевірки реєстраційних даних"
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr "Увімкнути перевірку реєстраційних даних"
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr "Зберігати пароль у автономному режимі для розпізнавання у мережі"
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr "Поновлюваний строк дії TGT"
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr "Строк дії TGT"
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr "Граничний час між двома перевірками для поновлення"
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr "Вмикає FAST"
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
#, fuzzy
msgid "Enables principal canonicalization"
msgstr "Увімкнути перевірку реєстраційних даних"
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
"Сервер, на якому запущено службу зміни паролів, якщо такий не вдасться "
"виявити у KDC"
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr "ldap_uri, адреса URI сервера LDAP"
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr "Типова базова назва домену"
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr "Тип схеми, використаний на сервері LDAP, rfc2307"
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr "Типова назва домену прив’язки"
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr "Тип розпізнавання для типової назви сервера прив’язки"
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr "Лексема розпізнавання типової назви сервера прив’язки"
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr "Проміжок часу між спробами встановлення з’єднання"
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr "Проміжок часу між спробами виконання синхронних операцій LDAP"
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
"Проміжок часу між повторними спробами встановлення з’єднання у автономному "
"режимі"
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr "Використовувати для назв областей лише великі літери"
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr "Файл, що містить сертифікати CA"
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr "Шлях до каталогу сертифікатів CA"
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr "Файл, що містить клієнтський сертифікат"
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr "Файл, що містить клієнтський ключ"
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr "Показати список можливих інструментів шифрування"
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr "Потрібна перевірка сертифіката TLS"
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr "Вкажіть механізм SASL, який слід використовувати"
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr "Вкажіть ідентифікатор уповноваження SASL, який слід використовувати"
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
#, fuzzy
msgid "Specify the sasl authorization realm to use"
msgstr "Вкажіть ідентифікатор уповноваження SASL, який слід використовувати"
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+#, fuzzy
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr "Вкажіть ідентифікатор уповноваження SASL, який слід використовувати"
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr "Таблиця ключів служби Kerberos"
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr "Розпізнавання Kerberos для з’єднання LDAP"
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr "Переходити за посиланнями LDAP"
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr "Строк дії TGT для з’єднання LDAP"
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr "Спосіб розіменування псевдонімів"
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr "Назва служби для пошуків за допомогою служби DNS"
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr "Атрибут entryUSN"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr "Атрибут lastUSN"
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr "Тривалість очікування на дані запиту пошуку"
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr "Тривалість очікування на дані запиту щодо переліку"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr "Проміжок часу між оновленнями нумерації"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr "Проміжок часу між спорожненнями кешу"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr "Вимагати TLS для пошуків ідентифікаторів"
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr "Базова назва домену для пошуків користувачів"
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr "Діапазон пошуків користувачів"
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr "Фільтр пошуку користувачів"
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr "Клас об’єктів для користувачів"
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr "Атрибут імені користувача"
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr "Атрибут UID"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr "Головний атрибут GID"
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr "Атрибут GECOS"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr "Атрибут домашнього каталогу"
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr "Атрибут оболонки"
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr "Атрибут UUID"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr "Атрибут реєстраційного запису користувача (для Kerberos)"
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr "Повне ім'я"
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr "Атрибут memberOf"
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr "Атрибут часу зміни"
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr "Атрибут shadowLastChange"
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr "Атрибут shadowMin"
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr "Атрибут shadowMax"
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr "Атрибут shadowWarning"
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr "Атрибут shadowInactive"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr "Атрибут shadowExpire"
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr "Атрибут shadowFlag"
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr "Атрибути зі списком уповноважених служб PAM"
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
#, fuzzy
msgid "Attribute listing authorized server hosts"
msgstr "Атрибути зі списком уповноважених служб PAM"
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr "Атрибут krbLastPwdChange"
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr "Атрибут krbPasswordExpiration"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
"Атрибут, що відповідає за активізацію правил обробки паролів на боці сервера"
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr "Атрибут accountExpires AD"
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr "Атрибут userAccountControl AD"
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr "Атрибут nsAccountLock"
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
#, fuzzy
msgid "loginDisabled attribute of NDS"
msgstr "Атрибут accountExpires AD"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
#, fuzzy
msgid "loginExpirationTime attribute of NDS"
msgstr "Атрибут accountExpires AD"
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr "Базова назва домену для пошуків груп"
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr "Клас об’єктів для груп"
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr "Назва групи"
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr "Пароль групи"
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr "Атрибут GID"
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr "Атрибут членства у групі"
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr "Атрибут UUID групи"
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr "Атрибут часу зміни для груп"
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr "Максимальний рівень вкладеності, який використовуватиме SSSD"
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr "Базова назва домену для пошуків груп у мережі"
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr "Клас об’єктів для груп у мережі"
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr "Назва мережевої групи"
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr "Атрибут членства у групах у мережі"
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr "Атрибут трійки груп у мережі"
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr "Атрибут UUID груп у мережі"
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr "Атрибут часу зміни для мережевих груп"
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr "Правила оцінки завершення строку дії пароля"
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr "Фільтр LDAP для визначення прав доступу"
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
"Атрибути які слід використовувати для визначення чинності облікового запису"
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
"Правила, які має бути використано для визначення достатності прав доступу"
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr "Адреса на сервері LDAP, для якої можливі зміни паролів"
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr "Назва у службі DNS сервера зміни паролів LDAP"
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr "Відокремлений комами список дозволених користувачів"
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr "Відокремлений комами список заборонених користувачів"
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr "Типова оболонка, /bin/bash"
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr "Базова адреса домашніх каталогів"
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr "Назва бібліотеки NSS, яку слід використовувати"
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr "Стек PAM, який слід використовувати"
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr "Запуститися фонову службу (типова поведінка)"
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr "Запустити у інтерактивному режимі (без фонової служби)"
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr "Вказати нетиповий файл налаштувань"
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr "Рівень зневаджування"
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr "Додавати діагностичні часові позначки"
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr "Дескриптор відкритого файла для запису журналів діагностики"
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr "Домен надання відомостей (обов’язковий)"
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr "У привілейованого сокета помилковий власник або права доступу."
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr "У відкритого сокета помилковий власник або права доступу."
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr "Некоректний формат повідомлення щодо реєстраційних даних сервера."
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr "SSSD запущено не від імені користувача root."
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr "Сталася помилка, але не вдалося знайти її опису."
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr "Неочікувана помилка під час пошуку опису помилки"
@@ -808,35 +829,35 @@ msgstr "Строк дії вашого пароля завершиться за
msgid "Authentication is denied until: "
msgstr "Розпізнавання заборонено до: "
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr "Система працює у автономному режимі, зміна пароля неможлива"
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr "Спроба зміни пароля зазнала невдачі. "
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr "Повідомлення сервера: "
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr "Новий пароль: "
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr "Ще раз введіть новий пароль: "
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr "Пароль: "
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr "Поточний пароль: "
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr "Строк дії пароля вичерпано. Змініть ваш пароль."
@@ -953,34 +974,34 @@ msgstr "Не вдалося встановити контекст входу SEL
msgid "Cannot get info about the user\n"
msgstr "Не вдалося отримати відомості щодо користувача\n"
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
"Домашній каталог користувача вже існує, копіювання даних з каталогу skel не "
"виконуватиметься\n"
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr "Не вдалося створити домашній каталог користувача: %s\n"
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr "Не вдалося створити поштовий буфер користувача: %s\n"
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
"Не вдалося отримати ідентифікатор для користувача. Домен переповнено?\n"
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
"Вже існує користувач або група з таким самим іменем, назвою або "
"ідентифікатором\n"
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr "Помилка під час виконання операції. Не вдалося додати користувача.\n"
diff --git a/po/vi.po b/po/vi.po
index 43bd8b71..6ae87b3c 100644
--- a/po/vi.po
+++ b/po/vi.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-11-30 04:10+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Vietnamese (http://www.transifex.net/projects/p/fedora/team/"
@@ -210,541 +210,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -778,35 +798,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -922,29 +942,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/zh_CN.po b/po/zh_CN.po
index 8d7d5fed..2968b3cb 100644
--- a/po/zh_CN.po
+++ b/po/zh_CN.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-11-30 04:10+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Chinese (China) (http://www.transifex.net/projects/p/fedora/"
@@ -210,541 +210,561 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
-msgid "IPA domain"
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
msgstr ""
#: src/config/SSSDConfig.py:98
-msgid "IPA server address"
+msgid "IPA domain"
msgstr ""
#: src/config/SSSDConfig.py:99
-msgid "IPA client hostname"
+msgid "IPA server address"
msgstr ""
#: src/config/SSSDConfig.py:100
-msgid "Whether to automatically update the client's DNS entry in FreeIPA"
+msgid "IPA client hostname"
msgstr ""
#: src/config/SSSDConfig.py:101
-msgid "The interface whose IP should be used for dynamic DNS updates"
+msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
#: src/config/SSSDConfig.py:102
-msgid "Search base for HBAC related objects"
+msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
#: src/config/SSSDConfig.py:103
+msgid "Search base for HBAC related objects"
+msgstr ""
+
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr ""
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr ""
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr ""
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr ""
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr ""
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr ""
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
msgid "Enables principal canonicalization"
msgstr ""
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
msgid "File that contains CA certificates"
msgstr ""
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
msgid "File that contains the client certificate"
msgstr ""
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
msgid "File that contains the client key"
msgstr ""
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr ""
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr ""
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr ""
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
msgid "Specify the sasl authorization realm to use"
msgstr ""
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr ""
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
msgid "entryUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
msgid "lastUSN attribute"
msgstr ""
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr ""
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
msgid "Length of time to wait for a enumeration request"
msgstr ""
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
msgid "Length of time between enumeration updates"
msgstr ""
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
msgid "Length of time between cache cleanups"
msgstr ""
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
msgid "UID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
msgid "Primary GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
msgid "GECOS attribute"
msgstr ""
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
msgid "Home directory attribute"
msgstr ""
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
msgid "Shell attribute"
msgstr ""
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
msgid "UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
msgid "User principal attribute (for Kerberos)"
msgstr ""
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr ""
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
msgid "Modification time attribute"
msgstr ""
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
msgid "shadowMin attribute"
msgstr ""
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
msgid "shadowMax attribute"
msgstr ""
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
msgid "shadowInactive attribute"
msgstr ""
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
msgid "shadowExpire attribute"
msgstr ""
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
msgid "shadowFlag attribute"
msgstr ""
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
msgid "krbPasswordExpiration attribute"
msgstr ""
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
msgid "accountExpires attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
msgid "nsAccountLock attribute"
msgstr ""
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
msgid "loginDisabled attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
msgid "loginExpirationTime attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
msgid "Group name"
msgstr ""
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
msgid "Group password"
msgstr ""
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
msgid "GID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
msgid "Group member attribute"
msgstr ""
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
msgid "Group UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
msgid "Modification time attribute for groups"
msgstr ""
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
msgid "Netgroup triple attribute"
msgstr ""
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
msgid "Netgroup UUID attribute"
msgstr ""
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
msgid "Modification time attribute for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr ""
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr ""
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr ""
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr ""
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
msgid "Base for home directories"
msgstr ""
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr ""
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr ""
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr ""
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr ""
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
msgid "An open file descriptor for the debug logs"
msgstr ""
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
msgid "Domain of the information provider (mandatory)"
msgstr ""
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
msgid "Unexpected format of the server credential message."
msgstr ""
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -778,35 +798,35 @@ msgstr ""
msgid "Authentication is denied until: "
msgstr ""
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr ""
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr ""
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr ""
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr ""
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr ""
@@ -922,29 +942,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr ""
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr ""
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr ""
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr ""
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr ""
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr ""
diff --git a/po/zh_TW.po b/po/zh_TW.po
index 0919bd63..e0adc2b0 100644
--- a/po/zh_TW.po
+++ b/po/zh_TW.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sss_daemon 1.1.0\n"
"Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
-"POT-Creation-Date: 2011-11-02 16:03-0400\n"
+"POT-Creation-Date: 2011-12-19 11:15-0500\n"
"PO-Revision-Date: 2010-03-22 22:00+0800\n"
"Last-Translator: Cheng-Chia Tseng <pswo10680@gmail.com>\n"
"Language-Team: Fedora-trans-zh_tw <trans-zh_tw@lists.fedoraproject.org>\n"
@@ -221,582 +221,603 @@ msgstr ""
msgid "Override GID value from the identity provider with this value"
msgstr ""
-#: src/config/SSSDConfig.py:97
+#: src/config/SSSDConfig.py:95
+msgid "Treat usernames as case sensitive"
+msgstr ""
+
+#: src/config/SSSDConfig.py:98
msgid "IPA domain"
msgstr "IPA 網域"
-#: src/config/SSSDConfig.py:98
+#: src/config/SSSDConfig.py:99
msgid "IPA server address"
msgstr "IPA 伺服器位址"
-#: src/config/SSSDConfig.py:99
+#: src/config/SSSDConfig.py:100
msgid "IPA client hostname"
msgstr "IPA 客戶端主機名稱"
-#: src/config/SSSDConfig.py:100
+#: src/config/SSSDConfig.py:101
msgid "Whether to automatically update the client's DNS entry in FreeIPA"
msgstr ""
-#: src/config/SSSDConfig.py:101
+#: src/config/SSSDConfig.py:102
msgid "The interface whose IP should be used for dynamic DNS updates"
msgstr ""
-#: src/config/SSSDConfig.py:102
+#: src/config/SSSDConfig.py:103
msgid "Search base for HBAC related objects"
msgstr ""
-#: src/config/SSSDConfig.py:103
+#: src/config/SSSDConfig.py:104
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server"
msgstr ""
-#: src/config/SSSDConfig.py:104
+#: src/config/SSSDConfig.py:105
msgid "If DENY rules are present, either DENY_ALL or IGNORE"
msgstr ""
-#: src/config/SSSDConfig.py:107 src/config/SSSDConfig.py:108
+#: src/config/SSSDConfig.py:106
+msgid "If set to false, host argument given by PAM will be ignored"
+msgstr ""
+
+#: src/config/SSSDConfig.py:109 src/config/SSSDConfig.py:110
msgid "Kerberos server address"
msgstr "Kerberos 伺服器位址"
-#: src/config/SSSDConfig.py:109
+#: src/config/SSSDConfig.py:111
msgid "Kerberos realm"
msgstr ""
-#: src/config/SSSDConfig.py:110
+#: src/config/SSSDConfig.py:112
msgid "Authentication timeout"
msgstr "認證逾時"
-#: src/config/SSSDConfig.py:113
+#: src/config/SSSDConfig.py:115
msgid "Directory to store credential caches"
msgstr "儲存憑證快取的目錄"
-#: src/config/SSSDConfig.py:114
+#: src/config/SSSDConfig.py:116
msgid "Location of the user's credential cache"
msgstr "使用者憑證快取的位置"
-#: src/config/SSSDConfig.py:115
+#: src/config/SSSDConfig.py:117
msgid "Location of the keytab to validate credentials"
msgstr "驗證憑證用的金鑰表格位置"
-#: src/config/SSSDConfig.py:116
+#: src/config/SSSDConfig.py:118
msgid "Enable credential validation"
msgstr "啟用憑證驗證"
-#: src/config/SSSDConfig.py:117
+#: src/config/SSSDConfig.py:119
msgid "Store password if offline for later online authentication"
msgstr ""
-#: src/config/SSSDConfig.py:118
+#: src/config/SSSDConfig.py:120
msgid "Renewable lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:119
+#: src/config/SSSDConfig.py:121
msgid "Lifetime of the TGT"
msgstr ""
-#: src/config/SSSDConfig.py:120
+#: src/config/SSSDConfig.py:122
msgid "Time between two checks for renewal"
msgstr ""
-#: src/config/SSSDConfig.py:121
+#: src/config/SSSDConfig.py:123
msgid "Enables FAST"
msgstr ""
-#: src/config/SSSDConfig.py:122
+#: src/config/SSSDConfig.py:124
msgid "Selects the principal to use for FAST"
msgstr ""
-#: src/config/SSSDConfig.py:123
+#: src/config/SSSDConfig.py:125
#, fuzzy
msgid "Enables principal canonicalization"
msgstr "啟用憑證驗證"
-#: src/config/SSSDConfig.py:126
+#: src/config/SSSDConfig.py:128
msgid "Server where the change password service is running if not on the KDC"
msgstr ""
-#: src/config/SSSDConfig.py:129
+#: src/config/SSSDConfig.py:131
msgid "ldap_uri, The URI of the LDAP server"
msgstr ""
-#: src/config/SSSDConfig.py:130
+#: src/config/SSSDConfig.py:132
msgid "The default base DN"
msgstr ""
-#: src/config/SSSDConfig.py:131
+#: src/config/SSSDConfig.py:133
msgid "The Schema Type in use on the LDAP server, rfc2307"
msgstr ""
-#: src/config/SSSDConfig.py:132
+#: src/config/SSSDConfig.py:134
msgid "The default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:133
+#: src/config/SSSDConfig.py:135
msgid "The type of the authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:134
+#: src/config/SSSDConfig.py:136
msgid "The authentication token of the default bind DN"
msgstr ""
-#: src/config/SSSDConfig.py:135
+#: src/config/SSSDConfig.py:137
msgid "Length of time to attempt connection"
msgstr ""
-#: src/config/SSSDConfig.py:136
+#: src/config/SSSDConfig.py:138
msgid "Length of time to attempt synchronous LDAP operations"
msgstr ""
-#: src/config/SSSDConfig.py:137
+#: src/config/SSSDConfig.py:139
msgid "Length of time between attempts to reconnect while offline"
msgstr ""
-#: src/config/SSSDConfig.py:138
+#: src/config/SSSDConfig.py:140
msgid "Use only the upper case for realm names"
msgstr ""
-#: src/config/SSSDConfig.py:139
+#: src/config/SSSDConfig.py:141
#, fuzzy
msgid "File that contains CA certificates"
msgstr "含有 CA 憑證的檔案"
-#: src/config/SSSDConfig.py:140
+#: src/config/SSSDConfig.py:142
msgid "Path to CA certificate directory"
msgstr ""
-#: src/config/SSSDConfig.py:141
+#: src/config/SSSDConfig.py:143
#, fuzzy
msgid "File that contains the client certificate"
msgstr "含有 CA 憑證的檔案"
-#: src/config/SSSDConfig.py:142
+#: src/config/SSSDConfig.py:144
#, fuzzy
msgid "File that contains the client key"
msgstr "含有 CA 憑證的檔案"
-#: src/config/SSSDConfig.py:143
+#: src/config/SSSDConfig.py:145
msgid "List of possible ciphers suites"
msgstr ""
-#: src/config/SSSDConfig.py:144
+#: src/config/SSSDConfig.py:146
msgid "Require TLS certificate verification"
msgstr "需要 TLS 憑證驗證"
-#: src/config/SSSDConfig.py:145
+#: src/config/SSSDConfig.py:147
msgid "Specify the sasl mechanism to use"
msgstr "指定要使用的 sasl 機制"
-#: src/config/SSSDConfig.py:146
+#: src/config/SSSDConfig.py:148
msgid "Specify the sasl authorization id to use"
msgstr "指定要使用的 sasl 認證 id"
-#: src/config/SSSDConfig.py:147
+#: src/config/SSSDConfig.py:149
#, fuzzy
msgid "Specify the sasl authorization realm to use"
msgstr "指定要使用的 sasl 認證 id"
-#: src/config/SSSDConfig.py:148
+#: src/config/SSSDConfig.py:150
+#, fuzzy
+msgid "Specify the minimal SSF for LDAP sasl authorization"
+msgstr "指定要使用的 sasl 認證 id"
+
+#: src/config/SSSDConfig.py:151
msgid "Kerberos service keytab"
msgstr ""
-#: src/config/SSSDConfig.py:149
+#: src/config/SSSDConfig.py:152
msgid "Use Kerberos auth for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:150
+#: src/config/SSSDConfig.py:153
msgid "Follow LDAP referrals"
msgstr ""
-#: src/config/SSSDConfig.py:151
+#: src/config/SSSDConfig.py:154
msgid "Lifetime of TGT for LDAP connection"
msgstr ""
-#: src/config/SSSDConfig.py:152
+#: src/config/SSSDConfig.py:155
msgid "How to dereference aliases"
msgstr ""
-#: src/config/SSSDConfig.py:153
+#: src/config/SSSDConfig.py:156
msgid "Service name for DNS service lookups"
msgstr ""
-#: src/config/SSSDConfig.py:154
+#: src/config/SSSDConfig.py:157
msgid "The number of records to retrieve in a single LDAP query"
msgstr ""
-#: src/config/SSSDConfig.py:155
+#: src/config/SSSDConfig.py:158
msgid "The number of members that must be missing to trigger a full deref"
msgstr ""
-#: src/config/SSSDConfig.py:156
+#: src/config/SSSDConfig.py:159
msgid ""
"Whether the LDAP library should perform a reverse lookup to canonicalize the "
"host name during a SASL bind"
msgstr ""
-#: src/config/SSSDConfig.py:158
+#: src/config/SSSDConfig.py:161
#, fuzzy
msgid "entryUSN attribute"
msgstr "UID 屬性"
-#: src/config/SSSDConfig.py:159
+#: src/config/SSSDConfig.py:162
#, fuzzy
msgid "lastUSN attribute"
msgstr "UID 屬性"
-#: src/config/SSSDConfig.py:162
+#: src/config/SSSDConfig.py:164
+msgid "How long to retain a connection to the LDAP server before disconnecting"
+msgstr ""
+
+#: src/config/SSSDConfig.py:167
msgid "Length of time to wait for a search request"
msgstr "搜尋請求的等候時間長度"
-#: src/config/SSSDConfig.py:163
+#: src/config/SSSDConfig.py:168
#, fuzzy
msgid "Length of time to wait for a enumeration request"
msgstr "搜尋請求的等候時間長度"
-#: src/config/SSSDConfig.py:164
+#: src/config/SSSDConfig.py:169
#, fuzzy
msgid "Length of time between enumeration updates"
msgstr "在列舉更新之間的長度"
-#: src/config/SSSDConfig.py:165
+#: src/config/SSSDConfig.py:170
#, fuzzy
msgid "Length of time between cache cleanups"
msgstr "在列舉更新之間的長度"
-#: src/config/SSSDConfig.py:166
+#: src/config/SSSDConfig.py:171
msgid "Require TLS for ID lookups"
msgstr ""
-#: src/config/SSSDConfig.py:167
+#: src/config/SSSDConfig.py:172
msgid "Base DN for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:168
+#: src/config/SSSDConfig.py:173
msgid "Scope of user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:169
+#: src/config/SSSDConfig.py:174
msgid "Filter for user lookups"
msgstr ""
-#: src/config/SSSDConfig.py:170
+#: src/config/SSSDConfig.py:175
msgid "Objectclass for users"
msgstr ""
-#: src/config/SSSDConfig.py:171
+#: src/config/SSSDConfig.py:176
msgid "Username attribute"
msgstr ""
-#: src/config/SSSDConfig.py:173
+#: src/config/SSSDConfig.py:178
#, fuzzy
msgid "UID attribute"
msgstr "UID 屬性"
-#: src/config/SSSDConfig.py:174
+#: src/config/SSSDConfig.py:179
#, fuzzy
msgid "Primary GID attribute"
msgstr "主要 GID 屬性"
-#: src/config/SSSDConfig.py:175
+#: src/config/SSSDConfig.py:180
#, fuzzy
msgid "GECOS attribute"
msgstr "GEOS 屬性"
-#: src/config/SSSDConfig.py:176
+#: src/config/SSSDConfig.py:181
#, fuzzy
msgid "Home directory attribute"
msgstr "家目錄屬性"
-#: src/config/SSSDConfig.py:177
+#: src/config/SSSDConfig.py:182
#, fuzzy
msgid "Shell attribute"
msgstr "Shell 屬性"
-#: src/config/SSSDConfig.py:178
+#: src/config/SSSDConfig.py:183
#, fuzzy
msgid "UUID attribute"
msgstr "UUID 屬性"
-#: src/config/SSSDConfig.py:179
+#: src/config/SSSDConfig.py:184
#, fuzzy
msgid "User principal attribute (for Kerberos)"
msgstr "使用者原則屬性(供 Kerberos 使用)"
-#: src/config/SSSDConfig.py:180
+#: src/config/SSSDConfig.py:185
msgid "Full Name"
msgstr "全名"
-#: src/config/SSSDConfig.py:181
+#: src/config/SSSDConfig.py:186
msgid "memberOf attribute"
msgstr ""
-#: src/config/SSSDConfig.py:182
+#: src/config/SSSDConfig.py:187
#, fuzzy
msgid "Modification time attribute"
msgstr "修改時間屬性"
-#: src/config/SSSDConfig.py:184
+#: src/config/SSSDConfig.py:189
msgid "shadowLastChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:185
+#: src/config/SSSDConfig.py:190
#, fuzzy
msgid "shadowMin attribute"
msgstr "Shell 屬性"
-#: src/config/SSSDConfig.py:186
+#: src/config/SSSDConfig.py:191
#, fuzzy
msgid "shadowMax attribute"
msgstr "Shell 屬性"
-#: src/config/SSSDConfig.py:187
+#: src/config/SSSDConfig.py:192
msgid "shadowWarning attribute"
msgstr ""
-#: src/config/SSSDConfig.py:188
+#: src/config/SSSDConfig.py:193
#, fuzzy
msgid "shadowInactive attribute"
msgstr "修改時間屬性"
-#: src/config/SSSDConfig.py:189
+#: src/config/SSSDConfig.py:194
#, fuzzy
msgid "shadowExpire attribute"
msgstr "Shell 屬性"
-#: src/config/SSSDConfig.py:190
+#: src/config/SSSDConfig.py:195
#, fuzzy
msgid "shadowFlag attribute"
msgstr "Shell 屬性"
-#: src/config/SSSDConfig.py:191
+#: src/config/SSSDConfig.py:196
msgid "Attribute listing authorized PAM services"
msgstr ""
-#: src/config/SSSDConfig.py:192
+#: src/config/SSSDConfig.py:197
msgid "Attribute listing authorized server hosts"
msgstr ""
-#: src/config/SSSDConfig.py:193
+#: src/config/SSSDConfig.py:198
msgid "krbLastPwdChange attribute"
msgstr ""
-#: src/config/SSSDConfig.py:194
+#: src/config/SSSDConfig.py:199
#, fuzzy
msgid "krbPasswordExpiration attribute"
msgstr "修改時間屬性"
-#: src/config/SSSDConfig.py:195
+#: src/config/SSSDConfig.py:200
msgid "Attribute indicating that server side password policies are active"
msgstr ""
-#: src/config/SSSDConfig.py:196
+#: src/config/SSSDConfig.py:201
#, fuzzy
msgid "accountExpires attribute of AD"
msgstr "Shell 屬性"
-#: src/config/SSSDConfig.py:197
+#: src/config/SSSDConfig.py:202
msgid "userAccountControl attribute of AD"
msgstr ""
-#: src/config/SSSDConfig.py:198
+#: src/config/SSSDConfig.py:203
#, fuzzy
msgid "nsAccountLock attribute"
msgstr "Shell 屬性"
-#: src/config/SSSDConfig.py:199
+#: src/config/SSSDConfig.py:204
#, fuzzy
msgid "loginDisabled attribute of NDS"
msgstr "Shell 屬性"
-#: src/config/SSSDConfig.py:200
+#: src/config/SSSDConfig.py:205
#, fuzzy
msgid "loginExpirationTime attribute of NDS"
msgstr "Shell 屬性"
-#: src/config/SSSDConfig.py:201
+#: src/config/SSSDConfig.py:206
msgid "loginAllowedTimeMap attribute of NDS"
msgstr ""
-#: src/config/SSSDConfig.py:203
+#: src/config/SSSDConfig.py:208
msgid "Base DN for group lookups"
msgstr ""
-#: src/config/SSSDConfig.py:206
+#: src/config/SSSDConfig.py:211
msgid "Objectclass for groups"
msgstr ""
-#: src/config/SSSDConfig.py:207
+#: src/config/SSSDConfig.py:212
#, fuzzy
msgid "Group name"
msgstr "群組"
-#: src/config/SSSDConfig.py:208
+#: src/config/SSSDConfig.py:213
#, fuzzy
msgid "Group password"
msgstr "群組"
-#: src/config/SSSDConfig.py:209
+#: src/config/SSSDConfig.py:214
#, fuzzy
msgid "GID attribute"
msgstr "UID 屬性"
-#: src/config/SSSDConfig.py:210
+#: src/config/SSSDConfig.py:215
#, fuzzy
msgid "Group member attribute"
msgstr "家目錄屬性"
-#: src/config/SSSDConfig.py:211
+#: src/config/SSSDConfig.py:216
#, fuzzy
msgid "Group UUID attribute"
msgstr "UUID 屬性"
-#: src/config/SSSDConfig.py:212
+#: src/config/SSSDConfig.py:217
#, fuzzy
msgid "Modification time attribute for groups"
msgstr "修改時間屬性"
-#: src/config/SSSDConfig.py:214
+#: src/config/SSSDConfig.py:219
msgid "Maximum nesting level SSSd will follow"
msgstr ""
-#: src/config/SSSDConfig.py:216
+#: src/config/SSSDConfig.py:221
msgid "Base DN for netgroup lookups"
msgstr ""
-#: src/config/SSSDConfig.py:217
+#: src/config/SSSDConfig.py:222
msgid "Objectclass for netgroups"
msgstr ""
-#: src/config/SSSDConfig.py:218
+#: src/config/SSSDConfig.py:223
msgid "Netgroup name"
msgstr ""
-#: src/config/SSSDConfig.py:219
+#: src/config/SSSDConfig.py:224
msgid "Netgroups members attribute"
msgstr ""
-#: src/config/SSSDConfig.py:220
+#: src/config/SSSDConfig.py:225
#, fuzzy
msgid "Netgroup triple attribute"
msgstr "修改時間屬性"
-#: src/config/SSSDConfig.py:221
+#: src/config/SSSDConfig.py:226
#, fuzzy
msgid "Netgroup UUID attribute"
msgstr "UUID 屬性"
-#: src/config/SSSDConfig.py:222
+#: src/config/SSSDConfig.py:227
#, fuzzy
msgid "Modification time attribute for netgroups"
msgstr "修改時間屬性"
-#: src/config/SSSDConfig.py:225
+#: src/config/SSSDConfig.py:230
msgid "Policy to evaluate the password expiration"
msgstr "評估密碼過期時效的策略"
-#: src/config/SSSDConfig.py:228
+#: src/config/SSSDConfig.py:233
msgid "LDAP filter to determine access privileges"
msgstr ""
-#: src/config/SSSDConfig.py:229
+#: src/config/SSSDConfig.py:234
msgid "Which attributes shall be used to evaluate if an account is expired"
msgstr ""
-#: src/config/SSSDConfig.py:230
+#: src/config/SSSDConfig.py:235
msgid "Which rules should be used to evaluate access control"
msgstr ""
-#: src/config/SSSDConfig.py:233
+#: src/config/SSSDConfig.py:238
msgid "URI of an LDAP server where password changes are allowed"
msgstr ""
-#: src/config/SSSDConfig.py:234
+#: src/config/SSSDConfig.py:239
msgid "DNS service name for LDAP password change server"
msgstr ""
-#: src/config/SSSDConfig.py:237
+#: src/config/SSSDConfig.py:242
msgid "Comma separated list of allowed users"
msgstr "許可的使用者清單,請使用半形逗號作為分隔"
-#: src/config/SSSDConfig.py:238
+#: src/config/SSSDConfig.py:243
msgid "Comma separated list of prohibited users"
msgstr "被禁止的使用者清單,請使用半形逗號作為分隔"
-#: src/config/SSSDConfig.py:241
+#: src/config/SSSDConfig.py:246
msgid "Default shell, /bin/bash"
msgstr "預設 shell,/bin/bash"
-#: src/config/SSSDConfig.py:242
+#: src/config/SSSDConfig.py:247
#, fuzzy
msgid "Base for home directories"
msgstr "家目錄的基礎"
-#: src/config/SSSDConfig.py:245
+#: src/config/SSSDConfig.py:250
msgid "The name of the NSS library to use"
msgstr "要使用的 NSS 函式庫名稱"
-#: src/config/SSSDConfig.py:248
+#: src/config/SSSDConfig.py:253
msgid "PAM stack to use"
msgstr "要使用的 PAM 堆疊"
-#: src/monitor/monitor.c:2398
+#: src/monitor/monitor.c:2369
msgid "Become a daemon (default)"
msgstr "作為幕後程式 (預設)"
-#: src/monitor/monitor.c:2400
+#: src/monitor/monitor.c:2371
msgid "Run interactive (not a daemon)"
msgstr "以互動方式執行 (非幕後程式)"
-#: src/monitor/monitor.c:2402
+#: src/monitor/monitor.c:2373
msgid "Specify a non-default config file"
msgstr "指定非預設的配置檔"
-#: src/providers/krb5/krb5_child.c:1569 src/providers/ldap/ldap_child.c:368
+#: src/monitor/monitor.c:2375
+msgid "Print version number and exit"
+msgstr ""
+
+#: src/providers/krb5/krb5_child.c:1572 src/providers/ldap/ldap_child.c:368
#: src/util/util.h:89
msgid "Debug level"
msgstr "除錯層級"
-#: src/providers/krb5/krb5_child.c:1571 src/providers/ldap/ldap_child.c:370
+#: src/providers/krb5/krb5_child.c:1574 src/providers/ldap/ldap_child.c:370
#: src/util/util.h:93
msgid "Add debug timestamps"
msgstr "加入除錯時間戳記"
-#: src/providers/krb5/krb5_child.c:1573 src/providers/ldap/ldap_child.c:372
+#: src/providers/krb5/krb5_child.c:1576 src/providers/ldap/ldap_child.c:372
#: src/util/util.h:95
msgid "Show timestamps with microseconds"
msgstr ""
-#: src/providers/krb5/krb5_child.c:1575 src/providers/ldap/ldap_child.c:374
+#: src/providers/krb5/krb5_child.c:1578 src/providers/ldap/ldap_child.c:374
#, fuzzy
msgid "An open file descriptor for the debug logs"
msgstr "供除錯日誌使用的開啟檔案描述符"
-#: src/providers/data_provider_be.c:1196
+#: src/providers/data_provider_be.c:1363
#, fuzzy
msgid "Domain of the information provider (mandatory)"
msgstr "資訊提供者的網域(委任)"
-#: src/sss_client/common.c:821
+#: src/sss_client/common.c:839
msgid "Privileged socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:824
+#: src/sss_client/common.c:842
msgid "Public socket has wrong ownership or permissions."
msgstr ""
-#: src/sss_client/common.c:827
+#: src/sss_client/common.c:845
#, fuzzy
msgid "Unexpected format of the server credential message."
msgstr "使用者憑證快取的位置"
-#: src/sss_client/common.c:830
+#: src/sss_client/common.c:848
msgid "SSSD is not run by root."
msgstr ""
-#: src/sss_client/common.c:835
+#: src/sss_client/common.c:853
msgid "An error occurred, but no description can be found."
msgstr ""
-#: src/sss_client/common.c:841
+#: src/sss_client/common.c:859
msgid "Unexpected error while looking for an error description"
msgstr ""
@@ -831,35 +852,35 @@ msgstr ",您快取的密碼將在此刻過期:"
msgid "Authentication is denied until: "
msgstr "離線認證,認證被定義到:"
-#: src/sss_client/pam_sss.c:761
+#: src/sss_client/pam_sss.c:755
msgid "System is offline, password change not possible"
msgstr "系統已離線,不可能作密碼變更"
-#: src/sss_client/pam_sss.c:791 src/sss_client/pam_sss.c:804
+#: src/sss_client/pam_sss.c:785 src/sss_client/pam_sss.c:798
msgid "Password change failed. "
msgstr "密碼變更失敗。"
-#: src/sss_client/pam_sss.c:794 src/sss_client/pam_sss.c:805
+#: src/sss_client/pam_sss.c:788 src/sss_client/pam_sss.c:799
msgid "Server message: "
msgstr "伺服器訊息:"
-#: src/sss_client/pam_sss.c:1223
+#: src/sss_client/pam_sss.c:1217
msgid "New Password: "
msgstr "新密碼:"
-#: src/sss_client/pam_sss.c:1224
+#: src/sss_client/pam_sss.c:1218
msgid "Reenter new Password: "
msgstr "再次輸入新密碼:"
-#: src/sss_client/pam_sss.c:1310
+#: src/sss_client/pam_sss.c:1304
msgid "Password: "
msgstr "密碼:"
-#: src/sss_client/pam_sss.c:1342
+#: src/sss_client/pam_sss.c:1336
msgid "Current Password: "
msgstr "目前的密碼:"
-#: src/sss_client/pam_sss.c:1489
+#: src/sss_client/pam_sss.c:1483
msgid "Password expired. Change your password now."
msgstr "密碼已過期。請立刻變更您的密碼。"
@@ -977,29 +998,29 @@ msgstr ""
msgid "Cannot get info about the user\n"
msgstr "無法取得關於這位使用者的資訊\n"
-#: src/tools/sss_useradd.c:231
+#: src/tools/sss_useradd.c:229
msgid "User's home directory already exists, not copying data from skeldir\n"
msgstr "使用者的家目錄已經存在,不會從骨幹目錄複製資料\n"
-#: src/tools/sss_useradd.c:234
+#: src/tools/sss_useradd.c:232
#, c-format
msgid "Cannot create user's home directory: %s\n"
msgstr "無法建立使用者的家目錄:%s\n"
-#: src/tools/sss_useradd.c:245
+#: src/tools/sss_useradd.c:243
#, c-format
msgid "Cannot create user's mail spool: %s\n"
msgstr "無法建立使用者的郵件 spool:%s\n"
-#: src/tools/sss_useradd.c:257
+#: src/tools/sss_useradd.c:255
msgid "Could not allocate ID for the user - domain full?\n"
msgstr "無法為使用者分配 ID - 網域已滿?\n"
-#: src/tools/sss_useradd.c:261
+#: src/tools/sss_useradd.c:259
msgid "A user or group with the same name or ID already exists\n"
msgstr "已經存在相同名稱的使用者或群組\n"
-#: src/tools/sss_useradd.c:267
+#: src/tools/sss_useradd.c:265
msgid "Transaction error. Could not add user.\n"
msgstr "處理事項發生錯誤。無法加入使用者。\n"
diff --git a/src/man/po/as.po b/src/man/po/as.po
index 270dc37b..60a7a9ff 100644
--- a/src/man/po/as.po
+++ b/src/man/po/as.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Assamese (http://www.transifex.net/projects/p/fedora/team/"
@@ -106,9 +106,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -215,7 +215,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -444,8 +444,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -460,9 +460,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -797,7 +797,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -936,7 +936,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1307,6 +1307,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1316,29 +1333,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1346,19 +1363,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1366,73 +1383,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1440,17 +1457,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1459,17 +1476,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1477,17 +1494,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1495,18 +1512,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1536,7 +1553,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1545,7 +1562,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1596,7 +1613,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1926,7 +1943,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1936,14 +1953,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2275,7 +2292,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2290,7 +2307,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2439,73 +2456,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2513,7 +2555,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2521,17 +2563,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2539,17 +2581,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2560,12 +2602,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2573,29 +2615,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2603,13 +2664,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2617,27 +2678,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2645,7 +2714,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2653,7 +2722,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2661,41 +2730,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2704,38 +2773,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2743,90 +2812,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2834,27 +2903,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2866,7 +2935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2874,7 +2943,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2882,53 +2951,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2937,7 +3006,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2945,61 +3014,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3009,12 +3078,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3023,14 +3092,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3039,24 +3108,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3064,19 +3133,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3085,7 +3154,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3093,7 +3162,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3102,89 +3171,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3201,74 +3270,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3276,33 +3345,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3310,7 +3379,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3318,7 +3387,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3332,18 +3401,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3352,7 +3421,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3543,7 +3612,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3671,7 +3740,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3742,32 +3811,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3777,109 +3852,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3887,17 +3962,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3906,26 +3981,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3933,7 +4126,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3943,7 +4136,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4072,30 +4265,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4103,31 +4306,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4769,7 +4972,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4786,7 +4989,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/bn.po b/src/man/po/bn.po
index 44855b60..2e2898b1 100644
--- a/src/man/po/bn.po
+++ b/src/man/po/bn.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Bengali <info@ankur.org.bd>\n"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -796,7 +796,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -935,7 +935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1306,6 +1306,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1315,29 +1332,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1345,19 +1362,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1365,73 +1382,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1439,17 +1456,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1458,17 +1475,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1476,17 +1493,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1494,18 +1511,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1535,7 +1552,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1544,7 +1561,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1595,7 +1612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2438,73 +2455,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2512,7 +2554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2520,17 +2562,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2538,17 +2580,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2559,12 +2601,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2572,29 +2614,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2602,13 +2663,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2616,27 +2677,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2644,7 +2713,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2652,7 +2721,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2660,41 +2729,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2703,38 +2772,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2742,90 +2811,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2833,27 +2902,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2865,7 +2934,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2873,7 +2942,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2881,53 +2950,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2936,7 +3005,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2944,61 +3013,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3008,12 +3077,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3022,14 +3091,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3038,24 +3107,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3063,19 +3132,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3084,7 +3153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3092,7 +3161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3101,89 +3170,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3200,74 +3269,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3275,33 +3344,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3309,7 +3378,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3317,7 +3386,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3331,18 +3400,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3351,7 +3420,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3542,7 +3611,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3670,7 +3739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3741,32 +3810,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3776,109 +3851,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3886,17 +3961,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3905,26 +3980,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3932,7 +4125,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3942,7 +4135,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4071,30 +4264,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4102,31 +4305,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4768,7 +4971,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4785,7 +4988,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/bs.po b/src/man/po/bs.po
index 2e87fc7b..e39fe767 100644
--- a/src/man/po/bs.po
+++ b/src/man/po/bs.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Bosnian (http://www.transifex.net/projects/p/fedora/team/"
@@ -107,9 +107,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -216,7 +216,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -445,8 +445,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -461,9 +461,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -798,7 +798,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -937,7 +937,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1308,6 +1308,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1317,29 +1334,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1347,19 +1364,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1367,73 +1384,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1441,17 +1458,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1460,17 +1477,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1478,17 +1495,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1496,18 +1513,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1537,7 +1554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1546,7 +1563,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1597,7 +1614,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1927,7 +1944,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1937,14 +1954,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2276,7 +2293,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2291,7 +2308,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2440,73 +2457,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2514,7 +2556,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2522,17 +2564,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2540,17 +2582,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2561,12 +2603,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2574,29 +2616,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2604,13 +2665,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2618,27 +2679,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2646,7 +2715,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2654,7 +2723,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2662,41 +2731,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2705,38 +2774,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2744,90 +2813,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2835,27 +2904,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2867,7 +2936,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2875,7 +2944,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2883,53 +2952,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2938,7 +3007,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2946,61 +3015,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3010,12 +3079,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3024,14 +3093,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3040,24 +3109,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3065,19 +3134,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3086,7 +3155,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3094,7 +3163,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3103,89 +3172,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3202,74 +3271,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3277,33 +3346,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3311,7 +3380,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3319,7 +3388,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3333,18 +3402,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3353,7 +3422,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3544,7 +3613,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3672,7 +3741,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3743,32 +3812,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3778,109 +3853,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3888,17 +3963,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3907,26 +3982,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3934,7 +4127,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3944,7 +4137,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4073,30 +4266,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4104,31 +4307,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4770,7 +4973,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4787,7 +4990,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/ca.po b/src/man/po/ca.po
index 152be16e..bdaf18ab 100644
--- a/src/man/po/ca.po
+++ b/src/man/po/ca.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Catalan <fedora@llistes.softcatala.org>\n"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -796,7 +796,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -935,7 +935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1306,6 +1306,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1315,29 +1332,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1345,19 +1362,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1365,73 +1382,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1439,17 +1456,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1458,17 +1475,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1476,17 +1493,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1494,18 +1511,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1535,7 +1552,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1544,7 +1561,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1595,7 +1612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2438,73 +2455,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2512,7 +2554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2520,17 +2562,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2538,17 +2580,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2559,12 +2601,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2572,29 +2614,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2602,13 +2663,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2616,27 +2677,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2644,7 +2713,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2652,7 +2721,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2660,41 +2729,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2703,38 +2772,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2742,90 +2811,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2833,27 +2902,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2865,7 +2934,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2873,7 +2942,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2881,53 +2950,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2936,7 +3005,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2944,61 +3013,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3008,12 +3077,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3022,14 +3091,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3038,24 +3107,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3063,19 +3132,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3084,7 +3153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3092,7 +3161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3101,89 +3170,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3200,74 +3269,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3275,33 +3344,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3309,7 +3378,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3317,7 +3386,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3331,18 +3400,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3351,7 +3420,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3542,7 +3611,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3670,7 +3739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3741,32 +3810,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3776,109 +3851,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3886,17 +3961,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3905,26 +3980,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3932,7 +4125,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3942,7 +4135,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4071,30 +4264,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4102,31 +4305,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4768,7 +4971,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4785,7 +4988,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/cs.po b/src/man/po/cs.po
index 7912c39e..2414d52e 100644
--- a/src/man/po/cs.po
+++ b/src/man/po/cs.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sss_daemon 1.2.3\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-10-25 10:46+0300\n"
"Last-Translator: Automatically generated\n"
"Language-Team: none\n"
@@ -118,9 +118,9 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -241,7 +241,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -500,8 +500,8 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -517,9 +517,9 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -883,13 +883,12 @@ msgid ""
"has been reached before a new login attempt is possible."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:513
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -1045,7 +1044,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1473,6 +1472,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1483,19 +1499,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -1503,13 +1519,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1517,7 +1533,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -1525,13 +1541,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><title>
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1540,31 +1556,31 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -1572,18 +1588,18 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -1591,18 +1607,18 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -1610,13 +1626,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1625,19 +1641,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1647,19 +1663,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1668,19 +1684,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1689,20 +1705,20 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
# type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><programlisting>
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1732,7 +1748,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1742,7 +1758,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1798,7 +1814,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -2167,7 +2183,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -2179,7 +2195,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
@@ -2187,7 +2203,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2557,7 +2573,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2575,7 +2591,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2740,88 +2756,113 @@ msgstr ""
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2829,7 +2870,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2838,17 +2879,17 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2857,19 +2898,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2881,13 +2922,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2895,29 +2936,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2925,13 +2985,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2939,15 +2999,23 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -2955,7 +3023,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -2963,7 +3031,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2972,7 +3040,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2981,7 +3049,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2990,25 +3058,25 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -3016,7 +3084,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -3024,13 +3092,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3039,38 +3107,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3079,13 +3147,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -3093,13 +3161,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -3107,19 +3175,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
@@ -3127,54 +3195,54 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3183,30 +3251,30 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -3218,7 +3286,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -3227,7 +3295,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -3236,43 +3304,43 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -3280,7 +3348,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -3288,7 +3356,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -3298,7 +3366,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -3307,19 +3375,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
@@ -3327,48 +3395,48 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3379,13 +3447,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3395,7 +3463,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
@@ -3403,7 +3471,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3413,24 +3481,24 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3438,19 +3506,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3459,7 +3527,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3467,7 +3535,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3476,44 +3544,44 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
@@ -3521,13 +3589,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
@@ -3535,13 +3603,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -3549,7 +3617,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -3557,7 +3625,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -3565,7 +3633,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3583,25 +3651,25 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
@@ -3609,55 +3677,55 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3665,33 +3733,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3700,7 +3768,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3709,7 +3777,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><programlisting>
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3723,20 +3791,20 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
# type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3746,7 +3814,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3980,7 +4048,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -4116,7 +4184,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4187,7 +4255,6 @@ msgid ""
"almost entirely self-discovered and obtained directly from the server."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:43
msgid ""
@@ -4195,22 +4262,28 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
@@ -4218,12 +4291,12 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -4234,13 +4307,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
@@ -4248,13 +4321,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
@@ -4262,13 +4335,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
@@ -4276,34 +4349,34 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
@@ -4311,41 +4384,41 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -4353,17 +4426,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -4372,27 +4445,145 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
# type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -4401,7 +4592,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><programlisting>
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -4412,7 +4603,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4555,21 +4746,34 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+# type: Content of: <varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+#, fuzzy
+#| msgid "<option>-h</option>,<option>--help</option>"
+msgid "<option>--version</option>"
+msgstr "<option>-h</option>,<option>--help</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
# type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
@@ -4577,13 +4781,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4592,13 +4796,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
@@ -4606,13 +4810,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
@@ -4620,7 +4824,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -5331,7 +5535,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -5348,7 +5552,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/de.po b/src/man/po/de.po
index 08fad76a..afbbc68e 100644
--- a/src/man/po/de.po
+++ b/src/man/po/de.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: German <trans-de@lists.fedoraproject.org>\n"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -796,7 +796,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -935,7 +935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1306,6 +1306,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1315,29 +1332,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1345,19 +1362,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1365,73 +1382,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1439,17 +1456,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1458,17 +1475,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1476,17 +1493,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1494,18 +1511,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1535,7 +1552,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1544,7 +1561,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1595,7 +1612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2438,73 +2455,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2512,7 +2554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2520,17 +2562,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2538,17 +2580,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2559,12 +2601,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2572,29 +2614,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2602,13 +2663,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2616,27 +2677,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2644,7 +2713,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2652,7 +2721,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2660,41 +2729,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2703,38 +2772,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2742,90 +2811,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2833,27 +2902,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2865,7 +2934,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2873,7 +2942,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2881,53 +2950,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2936,7 +3005,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2944,61 +3013,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3008,12 +3077,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3022,14 +3091,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3038,24 +3107,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3063,19 +3132,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3084,7 +3153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3092,7 +3161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3101,89 +3170,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3200,74 +3269,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3275,33 +3344,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3309,7 +3378,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3317,7 +3386,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3331,18 +3400,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3351,7 +3420,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3542,7 +3611,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3670,7 +3739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3741,32 +3810,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3776,109 +3851,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3886,17 +3961,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3905,26 +3980,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3932,7 +4125,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3942,7 +4135,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4071,30 +4264,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4102,31 +4305,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4768,7 +4971,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4785,7 +4988,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/el.po b/src/man/po/el.po
index d8017248..527037f6 100644
--- a/src/man/po/el.po
+++ b/src/man/po/el.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Greek <trans-el@lists.fedoraproject.org>\n"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -796,7 +796,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -935,7 +935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1306,6 +1306,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1315,29 +1332,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1345,19 +1362,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1365,73 +1382,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1439,17 +1456,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1458,17 +1475,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1476,17 +1493,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1494,18 +1511,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1535,7 +1552,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1544,7 +1561,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1595,7 +1612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2438,73 +2455,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2512,7 +2554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2520,17 +2562,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2538,17 +2580,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2559,12 +2601,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2572,29 +2614,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2602,13 +2663,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2616,27 +2677,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2644,7 +2713,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2652,7 +2721,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2660,41 +2729,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2703,38 +2772,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2742,90 +2811,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2833,27 +2902,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2865,7 +2934,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2873,7 +2942,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2881,53 +2950,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2936,7 +3005,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2944,61 +3013,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3008,12 +3077,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3022,14 +3091,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3038,24 +3107,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3063,19 +3132,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3084,7 +3153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3092,7 +3161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3101,89 +3170,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3200,74 +3269,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3275,33 +3344,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3309,7 +3378,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3317,7 +3386,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3331,18 +3400,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3351,7 +3420,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3542,7 +3611,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3670,7 +3739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3741,32 +3810,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3776,109 +3851,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3886,17 +3961,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3905,26 +3980,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3932,7 +4125,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3942,7 +4135,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4071,30 +4264,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4102,31 +4305,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4768,7 +4971,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4785,7 +4988,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/es.po b/src/man/po/es.po
index 4a3ff94f..addbb7f7 100644
--- a/src/man/po/es.po
+++ b/src/man/po/es.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2011-03-08 15:06+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Spanish (Castilian) <None>\n"
@@ -119,9 +119,9 @@ msgstr ""
"<replaceable>GROUPS</replaceable>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -256,7 +256,7 @@ msgid "The [sssd] section"
msgstr "La sección [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr "Parámetros de sección"
@@ -520,8 +520,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -536,9 +536,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -879,7 +879,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -1018,7 +1018,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1391,6 +1391,27 @@ msgstr "reconnection_retries (entero)"
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+#, fuzzy
+#| msgid "try_inotify (boolean)"
+msgid "case_sensitive (boolean)"
+msgstr "try_inotify (booleano)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: True"
+msgstr "Predeterminado: 3"
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1400,29 +1421,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1430,19 +1451,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1450,73 +1471,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1524,17 +1545,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1543,17 +1564,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1561,17 +1582,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1579,18 +1600,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1620,7 +1641,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1629,7 +1650,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1680,7 +1701,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -2012,7 +2033,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -2022,14 +2043,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2363,7 +2384,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2378,7 +2399,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2529,73 +2550,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2603,7 +2649,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2611,17 +2657,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2629,17 +2675,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2650,12 +2696,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2663,31 +2709,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+#, fuzzy
+#| msgid "reconnection_retries (integer)"
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr "reconnection_retries (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: 900 (15 minutes)"
+msgstr "Predeterminado: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
#, fuzzy
#| msgid "Default: 3"
msgid "Default: 1000"
msgstr "Predeterminado: 3"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2695,13 +2764,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2709,27 +2778,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2737,7 +2814,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2745,7 +2822,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2753,41 +2830,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2796,38 +2873,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2835,92 +2912,92 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
#, fuzzy
#| msgid "Default: 3"
msgid "Default: false;"
msgstr "Predeterminado: 3"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2928,27 +3005,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2960,7 +3037,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2968,7 +3045,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2976,55 +3053,55 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
#, fuzzy
#| msgid "try_inotify (boolean)"
msgid "krb5_canonicalize (boolean)"
msgstr "try_inotify (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -3033,7 +3110,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -3041,61 +3118,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3105,12 +3182,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3119,14 +3196,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3135,24 +3212,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3160,19 +3237,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3181,7 +3258,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3189,7 +3266,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3198,89 +3275,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3297,74 +3374,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3372,33 +3449,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3406,7 +3483,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3414,7 +3491,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3428,18 +3505,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3448,7 +3525,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3659,7 +3736,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3787,7 +3864,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3858,32 +3935,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3893,111 +3976,111 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
#, fuzzy
#| msgid "reconnection_retries (integer)"
msgid "ipa_hbac_refresh (integer)"
msgstr "reconnection_retries (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -4005,19 +4088,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
#, fuzzy
#| msgid "Default: 3"
msgid "Default: 5 (seconds)"
msgstr "Predeterminado: 3"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -4026,28 +4109,160 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
#, fuzzy
#| msgid "Default: 3"
msgid "Default: DENY_ALL"
msgstr "Predeterminado: 3"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: memberUser"
+msgstr "Predeterminado: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: memberHost"
+msgstr "Predeterminado: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: externalHost"
+msgstr "Predeterminado: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+#, fuzzy
+#| msgid "full_name_format (string)"
+msgid "ipa_netgroup_domain (string)"
+msgstr "full_name_format (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: nisDomainName"
+msgstr "Predeterminado: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: ipaHost"
+msgstr "Predeterminado: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: fqdn"
+msgstr "Predeterminado: 3"
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -4055,7 +4270,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -4065,7 +4280,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4206,30 +4421,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4237,31 +4462,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4903,7 +5128,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4922,7 +5147,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/et.po b/src/man/po/et.po
index 26ce9d51..23a175c8 100644
--- a/src/man/po/et.po
+++ b/src/man/po/et.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Estonian (http://www.transifex.net/projects/p/fedora/team/"
@@ -106,9 +106,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -215,7 +215,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -444,8 +444,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -460,9 +460,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -797,7 +797,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -936,7 +936,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1307,6 +1307,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1316,29 +1333,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1346,19 +1363,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1366,73 +1383,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1440,17 +1457,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1459,17 +1476,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1477,17 +1494,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1495,18 +1512,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1536,7 +1553,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1545,7 +1562,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1596,7 +1613,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1926,7 +1943,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1936,14 +1953,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2275,7 +2292,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2290,7 +2307,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2439,73 +2456,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2513,7 +2555,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2521,17 +2563,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2539,17 +2581,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2560,12 +2602,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2573,29 +2615,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2603,13 +2664,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2617,27 +2678,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2645,7 +2714,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2653,7 +2722,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2661,41 +2730,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2704,38 +2773,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2743,90 +2812,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2834,27 +2903,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2866,7 +2935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2874,7 +2943,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2882,53 +2951,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2937,7 +3006,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2945,61 +3014,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3009,12 +3078,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3023,14 +3092,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3039,24 +3108,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3064,19 +3133,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3085,7 +3154,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3093,7 +3162,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3102,89 +3171,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3201,74 +3270,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3276,33 +3345,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3310,7 +3379,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3318,7 +3387,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3332,18 +3401,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3352,7 +3421,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3543,7 +3612,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3671,7 +3740,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3742,32 +3811,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3777,109 +3852,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3887,17 +3962,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3906,26 +3981,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3933,7 +4126,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3943,7 +4136,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4072,30 +4265,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4103,31 +4306,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4769,7 +4972,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4786,7 +4989,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/fa.po b/src/man/po/fa.po
index 67f60474..bf5e80f0 100644
--- a/src/man/po/fa.po
+++ b/src/man/po/fa.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Persian (http://www.transifex.net/projects/p/fedora/team/"
@@ -106,9 +106,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -215,7 +215,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -444,8 +444,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -460,9 +460,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -797,7 +797,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -936,7 +936,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1307,6 +1307,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1316,29 +1333,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1346,19 +1363,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1366,73 +1383,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1440,17 +1457,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1459,17 +1476,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1477,17 +1494,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1495,18 +1512,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1536,7 +1553,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1545,7 +1562,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1596,7 +1613,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1926,7 +1943,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1936,14 +1953,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2275,7 +2292,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2290,7 +2307,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2439,73 +2456,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2513,7 +2555,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2521,17 +2563,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2539,17 +2581,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2560,12 +2602,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2573,29 +2615,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2603,13 +2664,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2617,27 +2678,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2645,7 +2714,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2653,7 +2722,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2661,41 +2730,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2704,38 +2773,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2743,90 +2812,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2834,27 +2903,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2866,7 +2935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2874,7 +2943,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2882,53 +2951,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2937,7 +3006,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2945,61 +3014,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3009,12 +3078,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3023,14 +3092,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3039,24 +3108,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3064,19 +3133,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3085,7 +3154,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3093,7 +3162,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3102,89 +3171,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3201,74 +3270,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3276,33 +3345,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3310,7 +3379,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3318,7 +3387,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3332,18 +3401,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3352,7 +3421,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3543,7 +3612,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3671,7 +3740,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3742,32 +3811,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3777,109 +3852,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3887,17 +3962,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3906,26 +3981,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3933,7 +4126,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3943,7 +4136,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4072,30 +4265,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4103,31 +4306,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4769,7 +4972,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4786,7 +4989,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/fi.po b/src/man/po/fi.po
index b20c8fde..93b85694 100644
--- a/src/man/po/fi.po
+++ b/src/man/po/fi.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Finnish (http://www.transifex.net/projects/p/fedora/team/"
@@ -106,9 +106,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -215,7 +215,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -444,8 +444,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -460,9 +460,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -797,7 +797,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -936,7 +936,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1307,6 +1307,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1316,29 +1333,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1346,19 +1363,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1366,73 +1383,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1440,17 +1457,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1459,17 +1476,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1477,17 +1494,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1495,18 +1512,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1536,7 +1553,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1545,7 +1562,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1596,7 +1613,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1926,7 +1943,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1936,14 +1953,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2275,7 +2292,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2290,7 +2307,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2439,73 +2456,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2513,7 +2555,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2521,17 +2563,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2539,17 +2581,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2560,12 +2602,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2573,29 +2615,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2603,13 +2664,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2617,27 +2678,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2645,7 +2714,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2653,7 +2722,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2661,41 +2730,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2704,38 +2773,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2743,90 +2812,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2834,27 +2903,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2866,7 +2935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2874,7 +2943,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2882,53 +2951,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2937,7 +3006,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2945,61 +3014,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3009,12 +3078,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3023,14 +3092,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3039,24 +3108,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3064,19 +3133,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3085,7 +3154,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3093,7 +3162,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3102,89 +3171,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3201,74 +3270,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3276,33 +3345,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3310,7 +3379,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3318,7 +3387,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3332,18 +3401,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3352,7 +3421,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3543,7 +3612,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3671,7 +3740,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3742,32 +3811,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3777,109 +3852,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3887,17 +3962,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3906,26 +3981,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3933,7 +4126,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3943,7 +4136,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4072,30 +4265,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4103,31 +4306,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4769,7 +4972,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4786,7 +4989,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/fr.po b/src/man/po/fr.po
index 5283d256..02f1184e 100644
--- a/src/man/po/fr.po
+++ b/src/man/po/fr.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2011-09-18 15:37+0000\n"
"Last-Translator: MarbolanGos <marbolangos@gmail.com>\n"
"Language-Team: French <trans-fr@lists.fedoraproject.org>\n"
@@ -119,9 +119,9 @@ msgstr ""
"<replaceable>GROUPS</replaceable>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -251,7 +251,7 @@ msgid "The [sssd] section"
msgstr "La section [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr "Paramètres de section"
@@ -518,8 +518,8 @@ msgid "Add a timestamp to the debug messages"
msgstr "Ajoute un horodatage aux messages de débogage"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr "Défaut : true"
@@ -538,9 +538,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr "Ajoute un horodatage aux messages de débogage"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -929,10 +929,15 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:513
+#, fuzzy
+#| msgid ""
+#| "If set to 0 the user cannot authenticate offline if "
+#| "offline_failed_login_attempts has been reached. Only a successful online "
+#| "authentication can enable enable offline authentication again."
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
"Si la valeur est à 0 l'utilisateur ne peut s'authentifier en mode déconnecté "
"si offline_failed_login_attempts est atteint. Seulement une connexion "
@@ -1099,7 +1104,7 @@ msgstr ""
"répondre."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr "Défaut : 10"
@@ -1554,6 +1559,27 @@ msgstr "override_gid (entier)"
msgid "Override the primary GID value with the one specified."
msgstr "Redéfini le GID primaire avec la valeur spécifiée."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+#, fuzzy
+#| msgid "ldap_referrals (boolean)"
+msgid "case_sensitive (boolean)"
+msgstr "ldap_referrals (booléen)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: True"
+msgstr "Défaut : true"
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1567,17 +1593,17 @@ msgstr ""
"id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr "Le proxy cible auquel PAM devient mandataire."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -1586,12 +1612,12 @@ msgstr ""
"ou créer une nouvelle et ajouter le nom de service ici."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1602,7 +1628,7 @@ msgstr ""
"$(libName)_$(function), par exemple _nss_files_getpwent."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -1611,12 +1637,12 @@ msgstr ""
"id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr "La section du domaine local"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1627,29 +1653,29 @@ msgstr ""
"dire un domaine qui utilise <replaceable>id_provider=local</replaceable>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr "default_shell (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
"Le shell par défaut pour les utilisateurs créés avec les outils de l'espace "
"utilisateur SSSD."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Par défaut : <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr "base_directory (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -1658,17 +1684,17 @@ msgstr ""
"replaceable> et l'utilise comme dossier maison."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr "Par défaut : <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr "create_homedir (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -1677,17 +1703,17 @@ msgstr ""
"utilisateurs. Peut être outrepassé par la ligne de commande."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr "Par défaut : TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr "remove_homedir (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -1696,12 +1722,12 @@ msgstr ""
"des utilisateurs. Peut être outrepassé par la ligne de commande."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr "homedir_umask (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1712,17 +1738,17 @@ msgstr ""
"défaut sur un répertoire maison nouvellement créé."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr "Par défaut : 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr "skel_dir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1735,17 +1761,17 @@ msgstr ""
"manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Par défaut : <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr "mail_dir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1756,17 +1782,17 @@ msgstr ""
"par défaut est utilisée."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr "Par défaut : <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1777,18 +1803,18 @@ msgstr ""
"commande n'est pas pris en compte."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr "Par défaut : aucune commande lancée"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr "EXEMPLE"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1842,7 +1868,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1855,7 +1881,7 @@ msgstr ""
"\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1933,7 +1959,7 @@ msgstr ""
"en tant que fournisseur d'accès."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr "OPTIONS DE CONFIGURATION"
@@ -2315,7 +2341,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -2325,14 +2351,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2664,7 +2690,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2679,7 +2705,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2828,73 +2854,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2902,7 +2953,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2910,17 +2961,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2928,17 +2979,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2949,12 +3000,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2962,29 +3013,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+#, fuzzy
+#| msgid "reconnection_retries (integer)"
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr "reconnection_retries (entier)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+#, fuzzy
+#| msgid "Default: 0 (No limit)"
+msgid "Default: 900 (15 minutes)"
+msgstr "Défaut : 0 (pas de limite)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2992,13 +3066,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3006,27 +3080,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3034,7 +3116,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3042,7 +3124,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3050,41 +3132,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3093,38 +3175,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3132,94 +3214,94 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
#, fuzzy
#| msgid "ldap_referrals (boolean)"
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_referrals (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
#, fuzzy
#| msgid "Default: filter"
msgid "Default: false;"
msgstr "Défaut : filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3227,27 +3309,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
#, fuzzy
#| msgid ""
#| "Specifies the comma-separated list of URIs of the LDAP servers to which "
@@ -3272,7 +3354,7 @@ msgstr ""
"d'informations."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -3280,7 +3362,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -3288,55 +3370,55 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
#, fuzzy
#| msgid "ldap_referrals (boolean)"
msgid "krb5_canonicalize (boolean)"
msgstr "ldap_referrals (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -3345,7 +3427,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -3353,61 +3435,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr "Défaut : ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3417,12 +3499,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr "Exemple:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3431,14 +3513,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3447,24 +3529,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr "Défaut : vide"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3472,19 +3554,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3493,7 +3575,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3501,7 +3583,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3510,89 +3592,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr "Défaut : filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr "ldap_deref (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3609,74 +3691,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr "OPTIONS AVANCÉES"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr "ldap_user_search_filter (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3684,33 +3766,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr "ldap_group_search_filter (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3718,7 +3800,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3726,7 +3808,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3740,18 +3822,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr "NOTES"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3760,7 +3842,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3973,7 +4055,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -4105,7 +4187,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4171,37 +4253,56 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:43
+#, fuzzy
+#| msgid ""
+#| "This manual page describes the configuration of LDAP domains for "
+#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
+#| "manvolnum> </citerefentry>. Refer to the <quote>FILE FORMAT</quote> "
+#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax "
+#| "information."
msgid ""
"The IPA provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+"Ce manuel décrit la configuration des domaines LDAP pour <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>. Se référer à la section <quote>FILE FORMAT</quote> du manuel "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> pour des informations sur la syntaxe détaillée."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr "ipa_domain (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr "ipa_server (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
#, fuzzy
#| msgid ""
#| "Specifies the comma-separated list of URIs of the LDAP servers to which "
@@ -4224,109 +4325,109 @@ msgstr ""
"d'informations."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr "ipa_hostname (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr "ipa_dyndns_update (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr "ipa_dyndns_iface (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr "ipa_hbac_search_base (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr "ipa_hbac_refresh (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -4334,17 +4435,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr "Défaut : 5 (secondes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr "ipa_hbac_treat_deny_as (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -4353,26 +4454,178 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr "Défaut : DENY_ALL"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+#, fuzzy
+#| msgid "ldap_netgroup_search_base (string)"
+msgid "ipa_netgroup_member_of (string)"
+msgstr "ldap_netgroup_search_base (chaînes)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+#, fuzzy
+#| msgid "The LDAP attribute that corresponds to the user's id."
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr "L'attribut LDAP correspondant à l'id utilisateur."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+#, fuzzy
+#| msgid "ldap_netgroup_search_base (string)"
+msgid "ipa_netgroup_member_user (string)"
+msgstr "ldap_netgroup_search_base (chaînes)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+#, fuzzy
+#| msgid "Default: uidNumber"
+msgid "Default: memberUser"
+msgstr "par défaut : uidNumber"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+#, fuzzy
+#| msgid "ldap_netgroup_search_base (string)"
+msgid "ipa_netgroup_member_host (string)"
+msgstr "ldap_netgroup_search_base (chaînes)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+#, fuzzy
+#| msgid "Default: root"
+msgid "Default: memberHost"
+msgstr "Défaut : root"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+#, fuzzy
+#| msgid "ldap_netgroup_search_base (string)"
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr "ldap_netgroup_search_base (chaînes)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+#, fuzzy
+#| msgid "Default: root"
+msgid "Default: externalHost"
+msgstr "Défaut : root"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+#, fuzzy
+#| msgid "ipa_domain (string)"
+msgid "ipa_netgroup_domain (string)"
+msgstr "ipa_domain (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+#, fuzzy
+#| msgid "The LDAP attribute that corresponds to the user's id."
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr "L'attribut LDAP correspondant à l'id utilisateur."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+#, fuzzy
+#| msgid "Default: uidNumber"
+msgid "Default: nisDomainName"
+msgstr "par défaut : uidNumber"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+#, fuzzy
+#| msgid "ldap_user_object_class (string)"
+msgid "ipa_host_object_class (string)"
+msgstr "ldap_user_object_class (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+#, fuzzy
+#| msgid "The object class of a user entry in LDAP."
+msgid "The object class of a host entry in LDAP."
+msgstr "La classe objet d'une entrée utilisateur dans LDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+#, fuzzy
+#| msgid "Default: root"
+msgid "Default: ipaHost"
+msgstr "Défaut : root"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+#, fuzzy
+#| msgid "ipa_hostname (string)"
+msgid "ipa_host_fqdn (string)"
+msgstr "ipa_hostname (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+#, fuzzy
+#| msgid "The LDAP attribute that corresponds to the user's id."
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr "L'attribut LDAP correspondant à l'id utilisateur."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+#, fuzzy
+#| msgid "Default: uid"
+msgid "Default: fqdn"
+msgstr "Par défaut : uid"
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -4380,7 +4633,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -4390,7 +4643,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4539,30 +4792,42 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+#, fuzzy
+#| msgid "<option>retry=N</option>"
+msgid "<option>--version</option>"
+msgstr "<option>retry=N</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr "Signaux"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr "SIGTERM/SIGINT"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr "SIGHUP"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4570,31 +4835,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr "SIGUSR1"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr "SIGUSR2"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -5236,7 +5501,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -5253,7 +5518,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/hu.po b/src/man/po/hu.po
index 3a3f429a..60f5c68e 100644
--- a/src/man/po/hu.po
+++ b/src/man/po/hu.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Hungarian <trans-hu@lists.fedoraproject.org>\n"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -796,7 +796,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -935,7 +935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1306,6 +1306,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1315,29 +1332,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1345,19 +1362,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1365,73 +1382,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1439,17 +1456,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1458,17 +1475,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1476,17 +1493,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1494,18 +1511,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1535,7 +1552,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1544,7 +1561,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1595,7 +1612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2438,73 +2455,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2512,7 +2554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2520,17 +2562,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2538,17 +2580,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2559,12 +2601,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2572,29 +2614,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2602,13 +2663,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2616,27 +2677,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2644,7 +2713,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2652,7 +2721,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2660,41 +2729,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2703,38 +2772,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2742,90 +2811,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2833,27 +2902,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2865,7 +2934,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2873,7 +2942,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2881,53 +2950,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2936,7 +3005,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2944,61 +3013,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3008,12 +3077,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3022,14 +3091,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3038,24 +3107,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3063,19 +3132,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3084,7 +3153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3092,7 +3161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3101,89 +3170,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3200,74 +3269,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3275,33 +3344,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3309,7 +3378,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3317,7 +3386,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3331,18 +3400,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3351,7 +3420,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3542,7 +3611,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3670,7 +3739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3741,32 +3810,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3776,109 +3851,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3886,17 +3961,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3905,26 +3980,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3932,7 +4125,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3942,7 +4135,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4071,30 +4264,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4102,31 +4305,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4768,7 +4971,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4785,7 +4988,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/id.po b/src/man/po/id.po
index 0e2ce209..ed8db9a6 100644
--- a/src/man/po/id.po
+++ b/src/man/po/id.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Indonesian <trans-id@lists.fedoraproject.org>\n"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -796,7 +796,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -935,7 +935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1306,6 +1306,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1315,29 +1332,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1345,19 +1362,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1365,73 +1382,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1439,17 +1456,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1458,17 +1475,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1476,17 +1493,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1494,18 +1511,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1535,7 +1552,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1544,7 +1561,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1595,7 +1612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2438,73 +2455,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2512,7 +2554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2520,17 +2562,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2538,17 +2580,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2559,12 +2601,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2572,29 +2614,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2602,13 +2663,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2616,27 +2677,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2644,7 +2713,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2652,7 +2721,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2660,41 +2729,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2703,38 +2772,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2742,90 +2811,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2833,27 +2902,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2865,7 +2934,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2873,7 +2942,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2881,53 +2950,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2936,7 +3005,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2944,61 +3013,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3008,12 +3077,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3022,14 +3091,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3038,24 +3107,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3063,19 +3132,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3084,7 +3153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3092,7 +3161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3101,89 +3170,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3200,74 +3269,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3275,33 +3344,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3309,7 +3378,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3317,7 +3386,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3331,18 +3400,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3351,7 +3420,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3542,7 +3611,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3670,7 +3739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3741,32 +3810,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3776,109 +3851,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3886,17 +3961,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3905,26 +3980,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3932,7 +4125,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3942,7 +4135,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4071,30 +4264,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4102,31 +4305,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4768,7 +4971,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4785,7 +4988,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/it.po b/src/man/po/it.po
index 8cf94977..f30a282b 100644
--- a/src/man/po/it.po
+++ b/src/man/po/it.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Italian <trans-it@lists.fedoraproject.org>\n"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -796,7 +796,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -935,7 +935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1306,6 +1306,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1315,29 +1332,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1345,19 +1362,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1365,73 +1382,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1439,17 +1456,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1458,17 +1475,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1476,17 +1493,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1494,18 +1511,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1535,7 +1552,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1544,7 +1561,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1595,7 +1612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2438,73 +2455,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2512,7 +2554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2520,17 +2562,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2538,17 +2580,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2559,12 +2601,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2572,29 +2614,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2602,13 +2663,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2616,27 +2677,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2644,7 +2713,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2652,7 +2721,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2660,41 +2729,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2703,38 +2772,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2742,90 +2811,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2833,27 +2902,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2865,7 +2934,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2873,7 +2942,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2881,53 +2950,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2936,7 +3005,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2944,61 +3013,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3008,12 +3077,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3022,14 +3091,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3038,24 +3107,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3063,19 +3132,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3084,7 +3153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3092,7 +3161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3101,89 +3170,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3200,74 +3269,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3275,33 +3344,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3309,7 +3378,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3317,7 +3386,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3331,18 +3400,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3351,7 +3420,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3542,7 +3611,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3670,7 +3739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3741,32 +3810,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3776,109 +3851,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3886,17 +3961,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3905,26 +3980,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3932,7 +4125,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3942,7 +4135,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4071,30 +4264,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4102,31 +4305,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4768,7 +4971,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4785,7 +4988,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/ja.po b/src/man/po/ja.po
index 396490dd..86d69c15 100644
--- a/src/man/po/ja.po
+++ b/src/man/po/ja.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Japanese <trans-ja@lists.fedoraproject.org>\n"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -796,7 +796,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -935,7 +935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1306,6 +1306,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1315,29 +1332,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1345,19 +1362,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1365,73 +1382,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1439,17 +1456,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1458,17 +1475,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1476,17 +1493,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1494,18 +1511,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1535,7 +1552,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1544,7 +1561,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1595,7 +1612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2438,73 +2455,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2512,7 +2554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2520,17 +2562,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2538,17 +2580,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2559,12 +2601,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2572,29 +2614,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2602,13 +2663,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2616,27 +2677,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2644,7 +2713,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2652,7 +2721,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2660,41 +2729,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2703,38 +2772,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2742,90 +2811,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2833,27 +2902,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2865,7 +2934,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2873,7 +2942,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2881,53 +2950,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2936,7 +3005,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2944,61 +3013,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3008,12 +3077,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3022,14 +3091,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3038,24 +3107,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3063,19 +3132,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3084,7 +3153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3092,7 +3161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3101,89 +3170,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3200,74 +3269,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3275,33 +3344,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3309,7 +3378,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3317,7 +3386,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3331,18 +3400,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3351,7 +3420,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3542,7 +3611,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3670,7 +3739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3741,32 +3810,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3776,109 +3851,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3886,17 +3961,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3905,26 +3980,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3932,7 +4125,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3942,7 +4135,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4071,30 +4264,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4102,31 +4305,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4768,7 +4971,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4785,7 +4988,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/ja_JP.po b/src/man/po/ja_JP.po
index 6864e09d..afed02c4 100644
--- a/src/man/po/ja_JP.po
+++ b/src/man/po/ja_JP.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -796,7 +796,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -935,7 +935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1306,6 +1306,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1315,29 +1332,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1345,19 +1362,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1365,73 +1382,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1439,17 +1456,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1458,17 +1475,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1476,17 +1493,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1494,18 +1511,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1535,7 +1552,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1544,7 +1561,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1595,7 +1612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2438,73 +2455,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2512,7 +2554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2520,17 +2562,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2538,17 +2580,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2559,12 +2601,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2572,29 +2614,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2602,13 +2663,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2616,27 +2677,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2644,7 +2713,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2652,7 +2721,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2660,41 +2729,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2703,38 +2772,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2742,90 +2811,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2833,27 +2902,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2865,7 +2934,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2873,7 +2942,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2881,53 +2950,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2936,7 +3005,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2944,61 +3013,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3008,12 +3077,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3022,14 +3091,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3038,24 +3107,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3063,19 +3132,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3084,7 +3153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3092,7 +3161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3101,89 +3170,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3200,74 +3269,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3275,33 +3344,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3309,7 +3378,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3317,7 +3386,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3331,18 +3400,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3351,7 +3420,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3542,7 +3611,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3670,7 +3739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3741,32 +3810,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3776,109 +3851,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3886,17 +3961,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3905,26 +3980,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3932,7 +4125,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3942,7 +4135,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4071,30 +4264,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4102,31 +4305,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4768,7 +4971,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4785,7 +4988,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/ko.po b/src/man/po/ko.po
index 53d9dc5c..d075271f 100644
--- a/src/man/po/ko.po
+++ b/src/man/po/ko.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Korean (http://www.transifex.net/projects/p/fedora/team/ko/)\n"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -796,7 +796,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -935,7 +935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1306,6 +1306,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1315,29 +1332,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1345,19 +1362,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1365,73 +1382,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1439,17 +1456,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1458,17 +1475,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1476,17 +1493,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1494,18 +1511,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1535,7 +1552,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1544,7 +1561,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1595,7 +1612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2438,73 +2455,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2512,7 +2554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2520,17 +2562,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2538,17 +2580,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2559,12 +2601,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2572,29 +2614,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2602,13 +2663,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2616,27 +2677,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2644,7 +2713,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2652,7 +2721,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2660,41 +2729,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2703,38 +2772,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2742,90 +2811,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2833,27 +2902,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2865,7 +2934,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2873,7 +2942,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2881,53 +2950,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2936,7 +3005,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2944,61 +3013,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3008,12 +3077,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3022,14 +3091,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3038,24 +3107,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3063,19 +3132,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3084,7 +3153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3092,7 +3161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3101,89 +3170,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3200,74 +3269,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3275,33 +3344,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3309,7 +3378,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3317,7 +3386,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3331,18 +3400,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3351,7 +3420,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3542,7 +3611,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3670,7 +3739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3741,32 +3810,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3776,109 +3851,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3886,17 +3961,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3905,26 +3980,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3932,7 +4125,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3942,7 +4135,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4071,30 +4264,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4102,31 +4305,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4768,7 +4971,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4785,7 +4988,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/lt.po b/src/man/po/lt.po
index 0a6d3681..9929b4ef 100644
--- a/src/man/po/lt.po
+++ b/src/man/po/lt.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Lithuanian (http://www.transifex.net/projects/p/fedora/team/"
@@ -107,9 +107,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -216,7 +216,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -445,8 +445,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -461,9 +461,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -798,7 +798,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -937,7 +937,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1308,6 +1308,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1317,29 +1334,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1347,19 +1364,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1367,73 +1384,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1441,17 +1458,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1460,17 +1477,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1478,17 +1495,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1496,18 +1513,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1537,7 +1554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1546,7 +1563,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1597,7 +1614,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1927,7 +1944,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1937,14 +1954,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2276,7 +2293,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2291,7 +2308,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2440,73 +2457,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2514,7 +2556,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2522,17 +2564,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2540,17 +2582,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2561,12 +2603,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2574,29 +2616,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2604,13 +2665,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2618,27 +2679,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2646,7 +2715,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2654,7 +2723,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2662,41 +2731,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2705,38 +2774,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2744,90 +2813,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2835,27 +2904,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2867,7 +2936,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2875,7 +2944,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2883,53 +2952,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2938,7 +3007,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2946,61 +3015,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3010,12 +3079,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3024,14 +3093,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3040,24 +3109,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3065,19 +3134,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3086,7 +3155,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3094,7 +3163,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3103,89 +3172,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3202,74 +3271,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3277,33 +3346,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3311,7 +3380,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3319,7 +3388,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3333,18 +3402,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3353,7 +3422,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3544,7 +3613,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3672,7 +3741,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3743,32 +3812,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3778,109 +3853,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3888,17 +3963,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3907,26 +3982,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3934,7 +4127,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3944,7 +4137,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4073,30 +4266,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4104,31 +4307,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4770,7 +4973,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4787,7 +4990,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/nb.po b/src/man/po/nb.po
index acc9efa2..b3f597c5 100644
--- a/src/man/po/nb.po
+++ b/src/man/po/nb.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Norwegian Bokmål <i18n-nb@lister.ping.uio.no>\n"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -796,7 +796,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -935,7 +935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1306,6 +1306,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1315,29 +1332,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1345,19 +1362,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1365,73 +1382,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1439,17 +1456,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1458,17 +1475,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1476,17 +1493,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1494,18 +1511,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1535,7 +1552,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1544,7 +1561,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1595,7 +1612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2438,73 +2455,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2512,7 +2554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2520,17 +2562,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2538,17 +2580,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2559,12 +2601,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2572,29 +2614,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2602,13 +2663,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2616,27 +2677,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2644,7 +2713,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2652,7 +2721,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2660,41 +2729,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2703,38 +2772,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2742,90 +2811,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2833,27 +2902,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2865,7 +2934,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2873,7 +2942,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2881,53 +2950,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2936,7 +3005,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2944,61 +3013,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3008,12 +3077,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3022,14 +3091,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3038,24 +3107,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3063,19 +3132,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3084,7 +3153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3092,7 +3161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3101,89 +3170,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3200,74 +3269,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3275,33 +3344,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3309,7 +3378,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3317,7 +3386,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3331,18 +3400,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3351,7 +3420,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3542,7 +3611,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3670,7 +3739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3741,32 +3810,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3776,109 +3851,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3886,17 +3961,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3905,26 +3980,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3932,7 +4125,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3942,7 +4135,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4071,30 +4264,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4102,31 +4305,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4768,7 +4971,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4785,7 +4988,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/nl.po b/src/man/po/nl.po
index d2bfaded..f30d3a77 100644
--- a/src/man/po/nl.po
+++ b/src/man/po/nl.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2011-03-08 15:06+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -119,9 +119,9 @@ msgstr ""
"replaceable> parameter."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -254,7 +254,7 @@ msgid "The [sssd] section"
msgstr "De [sssd] sectie"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr "Sectie parameters"
@@ -516,8 +516,8 @@ msgid "Add a timestamp to the debug messages"
msgstr "Voeg een tijdstempel toe aan de debugberichten"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr "Standaard: true"
@@ -536,9 +536,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr "Voeg een tijdstempel toe aan de debugberichten"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -883,7 +883,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -1022,7 +1022,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1395,6 +1395,27 @@ msgstr "reconnection_retries (numeriek)"
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+#, fuzzy
+#| msgid "try_inotify (boolean)"
+msgid "case_sensitive (boolean)"
+msgstr "try_inotify (bool)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: True"
+msgstr "Standaard: true"
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1404,29 +1425,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1434,19 +1455,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1454,73 +1475,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1528,17 +1549,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1547,17 +1568,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1565,17 +1586,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1583,18 +1604,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1624,7 +1645,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1633,7 +1654,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1684,7 +1705,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -2016,7 +2037,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -2026,14 +2047,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2367,7 +2388,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2382,7 +2403,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2533,73 +2554,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2607,7 +2653,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2615,17 +2661,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2633,17 +2679,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2654,12 +2700,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2667,35 +2713,58 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+#, fuzzy
+#| msgid "reconnection_retries (integer)"
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr "reconnection_retries (numeriek)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: 900 (15 minutes)"
+msgstr "Standaard: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
#, fuzzy
#| msgid "debug_level (integer)"
msgid "ldap_page_size (integer)"
msgstr "debug_level (numeriek)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
#, fuzzy
#| msgid "Default: 120"
msgid "Default: 1000"
msgstr "Standaard: 120"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
#, fuzzy
#| msgid "debug_level (integer)"
msgid "ldap_deref_threshold (integer)"
msgstr "debug_level (numeriek)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2703,13 +2772,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2717,27 +2786,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2745,7 +2822,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2753,7 +2830,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2761,41 +2838,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2804,38 +2881,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2843,92 +2920,92 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
#, fuzzy
#| msgid "Default: 3"
msgid "Default: false;"
msgstr "Standaard: 3"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2936,27 +3013,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2968,7 +3045,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2976,7 +3053,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2984,55 +3061,55 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
#, fuzzy
#| msgid "try_inotify (boolean)"
msgid "krb5_canonicalize (boolean)"
msgstr "try_inotify (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -3041,7 +3118,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -3049,61 +3126,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3113,12 +3190,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3127,14 +3204,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3143,24 +3220,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3168,19 +3245,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3189,7 +3266,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3197,7 +3274,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3206,89 +3283,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3305,74 +3382,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3380,33 +3457,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3414,7 +3491,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3422,7 +3499,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3436,18 +3513,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3456,7 +3533,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3667,7 +3744,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3795,7 +3872,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3866,32 +3943,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3901,111 +3984,111 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
#, fuzzy
#| msgid "reconnection_retries (integer)"
msgid "ipa_hbac_refresh (integer)"
msgstr "reconnection_retries (numeriek)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -4013,19 +4096,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
#, fuzzy
#| msgid "Default: 3"
msgid "Default: 5 (seconds)"
msgstr "Standaard: 3"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -4034,28 +4117,160 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
#, fuzzy
#| msgid "Default: 3"
msgid "Default: DENY_ALL"
msgstr "Standaard: 3"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: memberUser"
+msgstr "Standaard: true"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: memberHost"
+msgstr "Standaard: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: externalHost"
+msgstr "Standaard: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+#, fuzzy
+#| msgid "full_name_format (string)"
+msgid "ipa_netgroup_domain (string)"
+msgstr "full_name_format (tekst)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: nisDomainName"
+msgstr "Standaard: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: ipaHost"
+msgstr "Standaard: 3"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+#, fuzzy
+#| msgid "Default: 3"
+msgid "Default: fqdn"
+msgstr "Standaard: 3"
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -4063,7 +4278,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -4073,7 +4288,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4218,30 +4433,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4249,31 +4474,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4915,7 +5140,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4934,7 +5159,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/nn.po b/src/man/po/nn.po
index 1b06dae9..d0c693f4 100644
--- a/src/man/po/nn.po
+++ b/src/man/po/nn.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Norwegian Nynorsk <i18n-nn@lister.ping.uio.no>\n"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -796,7 +796,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -935,7 +935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1306,6 +1306,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1315,29 +1332,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1345,19 +1362,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1365,73 +1382,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1439,17 +1456,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1458,17 +1475,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1476,17 +1493,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1494,18 +1511,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1535,7 +1552,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1544,7 +1561,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1595,7 +1612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2438,73 +2455,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2512,7 +2554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2520,17 +2562,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2538,17 +2580,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2559,12 +2601,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2572,29 +2614,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2602,13 +2663,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2616,27 +2677,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2644,7 +2713,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2652,7 +2721,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2660,41 +2729,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2703,38 +2772,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2742,90 +2811,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2833,27 +2902,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2865,7 +2934,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2873,7 +2942,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2881,53 +2950,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2936,7 +3005,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2944,61 +3013,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3008,12 +3077,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3022,14 +3091,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3038,24 +3107,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3063,19 +3132,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3084,7 +3153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3092,7 +3161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3101,89 +3170,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3200,74 +3269,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3275,33 +3344,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3309,7 +3378,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3317,7 +3386,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3331,18 +3400,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3351,7 +3420,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3542,7 +3611,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3670,7 +3739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3741,32 +3810,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3776,109 +3851,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3886,17 +3961,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3905,26 +3980,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3932,7 +4125,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3942,7 +4135,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4071,30 +4264,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4102,31 +4305,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4768,7 +4971,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4785,7 +4988,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/pl.po b/src/man/po/pl.po
index 980ba829..c4d083e0 100644
--- a/src/man/po/pl.po
+++ b/src/man/po/pl.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2011-03-08 15:06+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Polish <None>\n"
@@ -106,9 +106,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -215,7 +215,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -444,8 +444,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -460,9 +460,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -797,7 +797,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -936,7 +936,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1307,6 +1307,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1316,29 +1333,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1346,19 +1363,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1366,73 +1383,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1440,17 +1457,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1459,17 +1476,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1477,17 +1494,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1495,18 +1512,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1536,7 +1553,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1545,7 +1562,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1596,7 +1613,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1926,7 +1943,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1936,14 +1953,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2275,7 +2292,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2290,7 +2307,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2439,73 +2456,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2513,7 +2555,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2521,17 +2563,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2539,17 +2581,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2560,12 +2602,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2573,29 +2615,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2603,13 +2664,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2617,27 +2678,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2645,7 +2714,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2653,7 +2722,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2661,41 +2730,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2704,38 +2773,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2743,90 +2812,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2834,27 +2903,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2866,7 +2935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2874,7 +2943,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2882,53 +2951,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2937,7 +3006,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2945,61 +3014,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3009,12 +3078,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3023,14 +3092,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3039,24 +3108,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3064,19 +3133,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3085,7 +3154,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3093,7 +3162,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3102,89 +3171,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3201,74 +3270,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3276,33 +3345,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3310,7 +3379,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3318,7 +3387,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3332,18 +3401,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3352,7 +3421,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3543,7 +3612,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3671,7 +3740,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3742,32 +3811,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3777,109 +3852,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3887,17 +3962,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3906,26 +3981,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3933,7 +4126,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3943,7 +4136,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4072,30 +4265,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4103,31 +4306,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4769,7 +4972,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4786,7 +4989,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/pt.po b/src/man/po/pt.po
index 6e8973d8..3dbe4413 100644
--- a/src/man/po/pt.po
+++ b/src/man/po/pt.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Portuguese <trans-pt@lists.fedoraproject.org>\n"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -796,7 +796,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -935,7 +935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1306,6 +1306,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1315,29 +1332,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1345,19 +1362,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1365,73 +1382,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1439,17 +1456,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1458,17 +1475,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1476,17 +1493,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1494,18 +1511,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1535,7 +1552,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1544,7 +1561,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1595,7 +1612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2438,73 +2455,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2512,7 +2554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2520,17 +2562,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2538,17 +2580,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2559,12 +2601,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2572,29 +2614,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2602,13 +2663,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2616,27 +2677,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2644,7 +2713,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2652,7 +2721,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2660,41 +2729,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2703,38 +2772,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2742,90 +2811,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2833,27 +2902,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2865,7 +2934,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2873,7 +2942,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2881,53 +2950,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2936,7 +3005,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2944,61 +3013,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3008,12 +3077,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3022,14 +3091,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3038,24 +3107,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3063,19 +3132,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3084,7 +3153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3092,7 +3161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3101,89 +3170,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3200,74 +3269,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3275,33 +3344,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3309,7 +3378,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3317,7 +3386,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3331,18 +3400,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3351,7 +3420,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3542,7 +3611,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3670,7 +3739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3741,32 +3810,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3776,109 +3851,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3886,17 +3961,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3905,26 +3980,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3932,7 +4125,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3942,7 +4135,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4071,30 +4264,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4102,31 +4305,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4768,7 +4971,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4785,7 +4988,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/pt_BR.po b/src/man/po/pt_BR.po
index 80ce62ea..91868952 100644
--- a/src/man/po/pt_BR.po
+++ b/src/man/po/pt_BR.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Portuguese (Brazilian) <trans-pt_br@lists.fedoraproject.org>\n"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -796,7 +796,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -935,7 +935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1306,6 +1306,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1315,29 +1332,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1345,19 +1362,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1365,73 +1382,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1439,17 +1456,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1458,17 +1475,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1476,17 +1493,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1494,18 +1511,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1535,7 +1552,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1544,7 +1561,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1595,7 +1612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2438,73 +2455,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2512,7 +2554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2520,17 +2562,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2538,17 +2580,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2559,12 +2601,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2572,29 +2614,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2602,13 +2663,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2616,27 +2677,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2644,7 +2713,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2652,7 +2721,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2660,41 +2729,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2703,38 +2772,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2742,90 +2811,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2833,27 +2902,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2865,7 +2934,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2873,7 +2942,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2881,53 +2950,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2936,7 +3005,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2944,61 +3013,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3008,12 +3077,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3022,14 +3091,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3038,24 +3107,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3063,19 +3132,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3084,7 +3153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3092,7 +3161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3101,89 +3170,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3200,74 +3269,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3275,33 +3344,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3309,7 +3378,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3317,7 +3386,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3331,18 +3400,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3351,7 +3420,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3542,7 +3611,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3670,7 +3739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3741,32 +3810,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3776,109 +3851,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3886,17 +3961,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3905,26 +3980,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3932,7 +4125,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3942,7 +4135,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4071,30 +4264,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4102,31 +4305,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4768,7 +4971,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4785,7 +4988,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/ru.po b/src/man/po/ru.po
index ba188980..0a45233d 100644
--- a/src/man/po/ru.po
+++ b/src/man/po/ru.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Russian <trans-ru@lists.fedoraproject.org>\n"
@@ -106,9 +106,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -215,7 +215,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -444,8 +444,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -460,9 +460,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -797,7 +797,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -936,7 +936,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1307,6 +1307,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1316,29 +1333,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1346,19 +1363,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1366,73 +1383,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1440,17 +1457,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1459,17 +1476,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1477,17 +1494,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1495,18 +1512,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1536,7 +1553,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1545,7 +1562,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1596,7 +1613,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1926,7 +1943,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1936,14 +1953,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2275,7 +2292,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2290,7 +2307,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2439,73 +2456,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2513,7 +2555,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2521,17 +2563,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2539,17 +2581,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2560,12 +2602,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2573,29 +2615,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2603,13 +2664,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2617,27 +2678,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2645,7 +2714,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2653,7 +2722,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2661,41 +2730,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2704,38 +2773,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2743,90 +2812,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2834,27 +2903,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2866,7 +2935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2874,7 +2943,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2882,53 +2951,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2937,7 +3006,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2945,61 +3014,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3009,12 +3078,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3023,14 +3092,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3039,24 +3108,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3064,19 +3133,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3085,7 +3154,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3093,7 +3162,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3102,89 +3171,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3201,74 +3270,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3276,33 +3345,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3310,7 +3379,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3318,7 +3387,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3332,18 +3401,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3352,7 +3421,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3543,7 +3612,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3671,7 +3740,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3742,32 +3811,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3777,109 +3852,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3887,17 +3962,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3906,26 +3981,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3933,7 +4126,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3943,7 +4136,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4072,30 +4265,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4103,31 +4306,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4769,7 +4972,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4786,7 +4989,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/sk.po b/src/man/po/sk.po
index da902a41..73863205 100644
--- a/src/man/po/sk.po
+++ b/src/man/po/sk.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Slovak (http://www.transifex.net/projects/p/fedora/team/sk/)\n"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -796,7 +796,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -935,7 +935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1306,6 +1306,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1315,29 +1332,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1345,19 +1362,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1365,73 +1382,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1439,17 +1456,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1458,17 +1475,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1476,17 +1493,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1494,18 +1511,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1535,7 +1552,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1544,7 +1561,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1595,7 +1612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2438,73 +2455,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2512,7 +2554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2520,17 +2562,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2538,17 +2580,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2559,12 +2601,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2572,29 +2614,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2602,13 +2663,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2616,27 +2677,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2644,7 +2713,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2652,7 +2721,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2660,41 +2729,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2703,38 +2772,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2742,90 +2811,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2833,27 +2902,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2865,7 +2934,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2873,7 +2942,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2881,53 +2950,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2936,7 +3005,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2944,61 +3013,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3008,12 +3077,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3022,14 +3091,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3038,24 +3107,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3063,19 +3132,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3084,7 +3153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3092,7 +3161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3101,89 +3170,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3200,74 +3269,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3275,33 +3344,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3309,7 +3378,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3317,7 +3386,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3331,18 +3400,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3351,7 +3420,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3542,7 +3611,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3670,7 +3739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3741,32 +3810,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3776,109 +3851,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3886,17 +3961,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3905,26 +3980,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3932,7 +4125,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3942,7 +4135,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4071,30 +4264,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4102,31 +4305,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4768,7 +4971,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4785,7 +4988,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/sq.po b/src/man/po/sq.po
index 1c866a96..3d0d15e9 100644
--- a/src/man/po/sq.po
+++ b/src/man/po/sq.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Albanian (http://www.transifex.net/projects/p/fedora/team/"
@@ -106,9 +106,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -215,7 +215,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -444,8 +444,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -460,9 +460,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -797,7 +797,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -936,7 +936,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1307,6 +1307,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1316,29 +1333,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1346,19 +1363,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1366,73 +1383,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1440,17 +1457,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1459,17 +1476,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1477,17 +1494,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1495,18 +1512,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1536,7 +1553,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1545,7 +1562,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1596,7 +1613,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1926,7 +1943,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1936,14 +1953,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2275,7 +2292,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2290,7 +2307,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2439,73 +2456,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2513,7 +2555,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2521,17 +2563,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2539,17 +2581,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2560,12 +2602,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2573,29 +2615,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2603,13 +2664,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2617,27 +2678,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2645,7 +2714,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2653,7 +2722,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2661,41 +2730,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2704,38 +2773,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2743,90 +2812,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2834,27 +2903,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2866,7 +2935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2874,7 +2943,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2882,53 +2951,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2937,7 +3006,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2945,61 +3014,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3009,12 +3078,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3023,14 +3092,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3039,24 +3108,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3064,19 +3133,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3085,7 +3154,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3093,7 +3162,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3102,89 +3171,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3201,74 +3270,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3276,33 +3345,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3310,7 +3379,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3318,7 +3387,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3332,18 +3401,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3352,7 +3421,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3543,7 +3612,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3671,7 +3740,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3742,32 +3811,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3777,109 +3852,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3887,17 +3962,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3906,26 +3981,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3933,7 +4126,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3943,7 +4136,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4072,30 +4265,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4103,31 +4306,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4769,7 +4972,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4786,7 +4989,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/sr.po b/src/man/po/sr.po
index a59a6f80..7d28658b 100644
--- a/src/man/po/sr.po
+++ b/src/man/po/sr.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Serbian <trans-sr@lists.fedoraproject.org>\n"
@@ -106,9 +106,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -215,7 +215,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -444,8 +444,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -460,9 +460,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -797,7 +797,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -936,7 +936,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1307,6 +1307,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1316,29 +1333,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1346,19 +1363,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1366,73 +1383,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1440,17 +1457,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1459,17 +1476,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1477,17 +1494,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1495,18 +1512,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1536,7 +1553,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1545,7 +1562,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1596,7 +1613,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1926,7 +1943,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1936,14 +1953,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2275,7 +2292,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2290,7 +2307,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2439,73 +2456,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2513,7 +2555,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2521,17 +2563,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2539,17 +2581,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2560,12 +2602,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2573,29 +2615,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2603,13 +2664,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2617,27 +2678,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2645,7 +2714,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2653,7 +2722,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2661,41 +2730,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2704,38 +2773,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2743,90 +2812,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2834,27 +2903,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2866,7 +2935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2874,7 +2943,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2882,53 +2951,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2937,7 +3006,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2945,61 +3014,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3009,12 +3078,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3023,14 +3092,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3039,24 +3108,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3064,19 +3133,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3085,7 +3154,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3093,7 +3162,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3102,89 +3171,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3201,74 +3270,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3276,33 +3345,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3310,7 +3379,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3318,7 +3387,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3332,18 +3401,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3352,7 +3421,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3543,7 +3612,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3671,7 +3740,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3742,32 +3811,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3777,109 +3852,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3887,17 +3962,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3906,26 +3981,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3933,7 +4126,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3943,7 +4136,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4072,30 +4265,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4103,31 +4306,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4769,7 +4972,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4786,7 +4989,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot
index 4905c898..87c70b9e 100644
--- a/src/man/po/sssd-docs.pot
+++ b/src/man/po/sssd-docs.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.7.0\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -93,7 +93,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640 pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103 sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 sss_usermod.8.xml:138
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686 pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103 sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 sss_usermod.8.xml:138
msgid "SEE ALSO"
msgstr ""
@@ -200,7 +200,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -428,7 +428,7 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178 sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224 sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -443,7 +443,7 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110 sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156 sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -778,7 +778,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -918,7 +918,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1289,6 +1289,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1299,29 +1316,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1329,19 +1346,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1349,73 +1366,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1423,17 +1440,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1442,17 +1459,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1460,17 +1477,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1478,17 +1495,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126 sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126 sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1518,7 +1535,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1527,7 +1544,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> "
@@ -1584,7 +1601,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61 sssd-krb5.5.xml:63
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64 sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1912,7 +1929,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1922,14 +1939,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2262,7 +2279,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2277,7 +2294,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2426,71 +2443,96 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid "The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2498,7 +2540,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2506,17 +2548,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2524,17 +2566,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> "
@@ -2545,12 +2587,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2558,29 +2600,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value "
+"vs. the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single "
"request. Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2588,12 +2649,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid "You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2601,27 +2662,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2629,7 +2698,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2637,7 +2706,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2645,41 +2714,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in "
"<filename>/etc/openldap/ldap.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2688,37 +2757,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567 sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613 sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2726,90 +2795,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem "
"class=\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2817,27 +2886,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of "
@@ -2849,7 +2918,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2857,7 +2926,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of "
"SSSD. While the legacy name is recognized for the time being, users are "
@@ -2866,53 +2935,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client "
"side. The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use "
"<citerefentry><refentrytitle>shadow</refentrytitle> "
@@ -2922,7 +2991,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2930,61 +2999,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -2994,12 +3063,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3008,14 +3077,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3024,24 +3093,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3049,19 +3118,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3070,7 +3139,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, "
"<emphasis>389ds</emphasis>: use the value of ldap_ns_account_lock to check "
@@ -3078,7 +3147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3087,89 +3156,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3186,73 +3255,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid "An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = "
@@ -3261,33 +3330,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3295,7 +3364,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3303,7 +3372,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3317,17 +3386,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255 sssd-krb5.5.xml:441
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354 sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3336,7 +3405,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
@@ -3533,7 +3602,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3663,7 +3732,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
@@ -3737,33 +3806,39 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
"</citerefentry> identity provider and the <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
-"</citerefentry> authentication provider. However, it is neither necessary "
-"nor recommended to set these options. IPA provider can also be used as an "
-"access and chpass provider. As an access provider it uses HBAC (host-based "
-"access control) rules. Please refer to freeipa.org for more information "
-"about HBAC. No configuration of access provider is required on the client "
-"side."
+"</citerefentry> authentication provider with some exceptions described "
+"below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3774,109 +3849,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -3884,17 +3959,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3903,26 +3978,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and "
"example.com is one of the domains in the <replaceable>[sssd]</replaceable> "
@@ -3930,7 +4123,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3940,7 +4133,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
@@ -4071,30 +4264,40 @@ msgid ""
"</citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4102,31 +4305,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
@@ -4774,7 +4977,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4791,7 +4994,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/ta.po b/src/man/po/ta.po
index 21a875df..f59d94b4 100644
--- a/src/man/po/ta.po
+++ b/src/man/po/ta.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Tamil <tamil-users@lists.fedoraproject.org>\n"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -796,7 +796,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -935,7 +935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1306,6 +1306,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1315,29 +1332,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1345,19 +1362,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1365,73 +1382,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1439,17 +1456,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1458,17 +1475,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1476,17 +1493,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1494,18 +1511,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1535,7 +1552,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1544,7 +1561,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1595,7 +1612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2438,73 +2455,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2512,7 +2554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2520,17 +2562,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2538,17 +2580,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2559,12 +2601,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2572,29 +2614,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2602,13 +2663,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2616,27 +2677,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2644,7 +2713,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2652,7 +2721,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2660,41 +2729,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2703,38 +2772,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2742,90 +2811,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2833,27 +2902,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2865,7 +2934,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2873,7 +2942,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2881,53 +2950,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2936,7 +3005,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2944,61 +3013,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3008,12 +3077,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3022,14 +3091,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3038,24 +3107,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3063,19 +3132,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3084,7 +3153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3092,7 +3161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3101,89 +3170,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3200,74 +3269,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3275,33 +3344,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3309,7 +3378,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3317,7 +3386,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3331,18 +3400,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3351,7 +3420,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3542,7 +3611,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3670,7 +3739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3741,32 +3810,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3776,109 +3851,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3886,17 +3961,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3905,26 +3980,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3932,7 +4125,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3942,7 +4135,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4071,30 +4264,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4102,31 +4305,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4768,7 +4971,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4785,7 +4988,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/tr.po b/src/man/po/tr.po
index a309f2e7..135811a7 100644
--- a/src/man/po/tr.po
+++ b/src/man/po/tr.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Turkish (http://www.transifex.net/projects/p/fedora/team/"
@@ -106,9 +106,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -215,7 +215,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -444,8 +444,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -460,9 +460,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -797,7 +797,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -936,7 +936,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1307,6 +1307,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1316,29 +1333,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1346,19 +1363,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1366,73 +1383,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1440,17 +1457,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1459,17 +1476,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1477,17 +1494,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1495,18 +1512,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1536,7 +1553,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1545,7 +1562,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1596,7 +1613,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1926,7 +1943,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1936,14 +1953,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2275,7 +2292,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2290,7 +2307,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2439,73 +2456,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2513,7 +2555,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2521,17 +2563,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2539,17 +2581,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2560,12 +2602,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2573,29 +2615,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2603,13 +2664,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2617,27 +2678,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2645,7 +2714,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2653,7 +2722,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2661,41 +2730,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2704,38 +2773,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2743,90 +2812,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2834,27 +2903,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2866,7 +2935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2874,7 +2943,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2882,53 +2951,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2937,7 +3006,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2945,61 +3014,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3009,12 +3078,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3023,14 +3092,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3039,24 +3108,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3064,19 +3133,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3085,7 +3154,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3093,7 +3162,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3102,89 +3171,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3201,74 +3270,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3276,33 +3345,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3310,7 +3379,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3318,7 +3387,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3332,18 +3401,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3352,7 +3421,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3543,7 +3612,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3671,7 +3740,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3742,32 +3811,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3777,109 +3852,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3887,17 +3962,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3906,26 +3981,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3933,7 +4126,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3943,7 +4136,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4072,30 +4265,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4103,31 +4306,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4769,7 +4972,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4786,7 +4989,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/uk.po b/src/man/po/uk.po
index fc82c1bb..3a6ec1fa 100644
--- a/src/man/po/uk.po
+++ b/src/man/po/uk.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.5.0\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2011-01-25 20:56+0200\n"
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian <translation@linux.org.ua>\n"
@@ -132,9 +132,9 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -282,7 +282,7 @@ msgstr "Розділ [sssd]"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr "Параметри розділу"
@@ -591,8 +591,8 @@ msgstr "Додати часову позначку до діагностични
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr "Типове значення: true"
@@ -614,9 +614,9 @@ msgstr "Додати часову позначку до діагностични
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr "Типове значення: false"
@@ -1017,13 +1017,12 @@ msgid ""
"has been reached before a new login attempt is possible."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:513
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -1183,7 +1182,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr "Типове значення: 10"
@@ -1647,6 +1646,29 @@ msgstr "min_id,max_id (ціле значення)"
msgid "Override the primary GID value with the one specified."
msgstr ""
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+#, fuzzy
+#| msgid "ldap_krb5_init_creds (boolean)"
+msgid "case_sensitive (boolean)"
+msgstr "ldap_krb5_init_creds (булеве значення)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+#, fuzzy
+#| msgid "Default: true"
+msgid "Default: True"
+msgstr "Типове значення: true"
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1657,19 +1679,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr "Комп’ютер, для якого виконує проксі-сервер PAM."
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -1677,13 +1699,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1691,7 +1713,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -1701,13 +1723,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><title>
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr "Розділ локального домену"
# type: Content of: <reference><refentry><refsect1><refsect2><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1716,13 +1738,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr "default_shell (рядок)"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
"Типова оболонка для записів користувачів, створених за допомогою "
@@ -1730,19 +1752,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Типове значення: <filename>/bin/bash</filename>"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr "base_directory (рядок)"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -1750,18 +1772,18 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr "Типове значення: <filename>/home</filename>"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr "create_homedir (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -1769,18 +1791,18 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr "Типове значення: TRUE"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr "remove_homedir (булівське значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -1788,13 +1810,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr "homedir_umask (ціле число)"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1806,19 +1828,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr "Типове значення: 077"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr "skel_dir (рядок)"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1828,19 +1850,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Типове значення: <filename>/etc/skel</filename>"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr "mail_dir (рядок)"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1849,19 +1871,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr "Типове значення: <filename>/var/mail</filename>"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (рядок)"
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1870,20 +1892,20 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr "Типове значення: None, не виконувати жодних команд"
# type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr "ПРИКЛАД"
# type: Content of: <reference><refentry><refsect1><para><programlisting>
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1937,7 +1959,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1947,7 +1969,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -2017,7 +2039,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr "ПАРАМЕТРИ НАЛАШТУВАННЯ"
@@ -2401,7 +2423,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr "Типове значення: nsUniqueId"
@@ -2413,7 +2435,7 @@ msgstr "ldap_user_modify_timestamp (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
@@ -2421,7 +2443,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr "Типове значення: modifyTimestamp"
@@ -2812,7 +2834,7 @@ msgstr "Атрибут LDAP, що відповідає повному імені
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr "Типове значення: cn"
@@ -2830,7 +2852,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr "Типове значення: memberOf"
@@ -3002,88 +3024,113 @@ msgstr "ldap_netgroup_object_class (рядок)"
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
-# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr "Типове значення: nisNetgroup"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr "Типове значення: memberNisNetgroup"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr "Типове значення: nisNetgroupTriple"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr "ldap_netgroup_uuid (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -3091,7 +3138,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -3100,18 +3147,18 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr "Типове значення: 6"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -3120,19 +3167,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr "Типове значення: 60"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (ціле число)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -3144,13 +3191,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (ціле число)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3159,14 +3206,39 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+#, fuzzy
+#| msgid "ldap_enumeration_refresh_timeout (integer)"
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr "ldap_enumeration_refresh_timeout (ціле число)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+#, fuzzy
+#| msgid "Default: 0 (No limit)"
+msgid "Default: 900 (15 minutes)"
+msgstr "Типове значення: 0 (без обмежень)"
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
#, fuzzy
#| msgid "ldap_opt_timeout (integer)"
msgid "ldap_page_size (integer)"
msgstr "ldap_opt_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
@@ -3174,7 +3246,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
#, fuzzy
#| msgid "Default: 10"
msgid "Default: 1000"
@@ -3182,14 +3254,14 @@ msgstr "Типове значення: 10"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
#, fuzzy
#| msgid "ldap_search_timeout (integer)"
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_search_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3197,13 +3269,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3211,15 +3283,23 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -3227,7 +3307,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -3235,7 +3315,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3244,7 +3324,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3253,7 +3333,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3262,25 +3342,25 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> = те саме, що і <quote>demand</quote>"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr "Типове значення: hard"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -3288,7 +3368,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -3296,13 +3376,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3312,42 +3392,42 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr "Типове значення: not set"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (рядок)"
# type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3356,13 +3436,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (булеве значення)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -3370,13 +3450,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -3384,19 +3464,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr "Типове значення: none"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
@@ -3404,20 +3484,20 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr "Типове значення: вузол/комп’ютер.fqdn@ОБЛАСТЬ"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
#, fuzzy
#| msgid "ldap_krb5_init_creds (boolean)"
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_krb5_init_creds (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
@@ -3425,7 +3505,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
#, fuzzy
#| msgid "Default: false"
msgid "Default: false;"
@@ -3433,31 +3513,31 @@ msgstr "Типове значення: false"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (булеве значення)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3466,30 +3546,30 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (ціле число)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr "Типове значення: 86400 (24 години)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr "krb5_server (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -3501,7 +3581,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -3510,7 +3590,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -3519,19 +3599,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
"Типове значення: типове значення системи, див. <filename>/etc/krb5.conf</"
@@ -3539,28 +3619,28 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
#, fuzzy
#| msgid "ldap_krb5_init_creds (boolean)"
msgid "krb5_canonicalize (boolean)"
msgstr "ldap_krb5_init_creds (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -3568,7 +3648,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -3576,7 +3656,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -3586,7 +3666,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -3595,19 +3675,19 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (булеве значення)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
@@ -3615,49 +3695,49 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr "Типове значення: ldap"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr "Типове значення: не встановлено, тобто пошук служб вимкнено"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3668,13 +3748,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr "Приклад:"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3687,7 +3767,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
@@ -3695,7 +3775,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3705,25 +3785,25 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr "Типове значення: порожній рядок"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3731,19 +3811,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr "Можна використовувати такі значення:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3752,7 +3832,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3760,7 +3840,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3770,12 +3850,12 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"Список відокремлених комами параметрів керування доступом. Можливі значення "
@@ -3783,18 +3863,18 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filter</emphasis>: використовувати ldap_access_filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
"<emphasis>expire</emphasis>: використовувати ldap_account_expire_policy"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -3803,7 +3883,7 @@ msgstr ""
"можливості доступу атрибут authorizedService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
#, fuzzy
#| msgid ""
#| "<emphasis>authorized_service</emphasis>: use the authorizedService "
@@ -3815,12 +3895,12 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr "Типове значення: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
@@ -3828,13 +3908,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr "ldap_deref (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
@@ -3842,13 +3922,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -3856,7 +3936,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -3864,7 +3944,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -3872,7 +3952,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3890,25 +3970,25 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr "ДОДАТКОВІ ПАРАМЕТРИ"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
@@ -3916,58 +3996,58 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr "Типове значення: значення <emphasis>ldap_search_base</emphasis>"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
#, fuzzy
#| msgid "ldap_user_search_base (string)"
msgid "ldap_user_search_filter (string)"
msgstr "ldap_user_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3975,7 +4055,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
@@ -3983,28 +4063,28 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
#, fuzzy
#| msgid "ldap_group_search_base (string)"
msgid "ldap_group_search_filter (string)"
msgstr "ldap_group_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4013,7 +4093,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4022,7 +4102,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><programlisting>
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4044,20 +4124,20 @@ msgstr ""
" enumerate = true\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
# type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr "ЗАУВАЖЕННЯ"
# type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4067,7 +4147,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -4323,7 +4403,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -4466,7 +4546,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -4546,27 +4626,41 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:43
+#, fuzzy
+#| msgid ""
+#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+#| "manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
+#| "refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
msgid ""
"The IPA provider accepts the same options used by the <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
+"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd</"
+"refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr "ipa_domain (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
@@ -4574,12 +4668,12 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr "ipa_server (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -4590,13 +4684,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr "ipa_hostname (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
@@ -4604,13 +4698,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr "ipa_dyndns_update (булеве значення)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
@@ -4618,13 +4712,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr "ipa_dyndns_iface (рядок)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
@@ -4632,36 +4726,36 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr "ipa_hbac_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr "Типове значення: використання базової назви домену"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (булеве значення)"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
@@ -4669,44 +4763,44 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
#, fuzzy
#| msgid "ipa_hbac_search_base (string)"
msgid "ipa_hbac_refresh (integer)"
msgstr "ipa_hbac_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -4715,7 +4809,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
#, fuzzy
#| msgid "Default: gecos"
msgid "Default: 5 (seconds)"
@@ -4723,14 +4817,14 @@ msgstr "Типове значення: gecos"
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
#, fuzzy
#| msgid "ipa_hbac_search_base (string)"
msgid "ipa_hbac_treat_deny_as (string)"
msgstr "ipa_hbac_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -4739,14 +4833,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
@@ -4754,15 +4848,190 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
#, fuzzy
#| msgid "Default: FALSE"
msgid "Default: DENY_ALL"
msgstr "Типове значення: FALSE"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+#, fuzzy
+#| msgid "ldap_netgroup_member (string)"
+msgid "ipa_netgroup_member_of (string)"
+msgstr "ldap_netgroup_member (рядок)"
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+#, fuzzy
+#| msgid "The LDAP attribute that corresponds to the group's id."
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr "Атрибут LDAP, що відповідає ідентифікатору групи."
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+#, fuzzy
+#| msgid "ldap_netgroup_member (string)"
+msgid "ipa_netgroup_member_user (string)"
+msgstr "ldap_netgroup_member (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+#, fuzzy
+#| msgid "Default: memberOf"
+msgid "Default: memberUser"
+msgstr "Типове значення: memberOf"
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+#, fuzzy
+#| msgid "ldap_netgroup_member (string)"
+msgid "ipa_netgroup_member_host (string)"
+msgstr "ldap_netgroup_member (рядок)"
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+#, fuzzy
+#| msgid ""
+#| "The LDAP attribute that contains the name of the user's home directory."
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr "Атрибут LDAP, що містить назву домашнього каталогу користувача."
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+#, fuzzy
+#| msgid "Default: memberOf"
+msgid "Default: memberHost"
+msgstr "Типове значення: memberOf"
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+#, fuzzy
+#| msgid "ldap_netgroup_member (string)"
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr "ldap_netgroup_member (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+#, fuzzy
+#| msgid "Default: root"
+msgid "Default: externalHost"
+msgstr "Типове значення: root"
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+#, fuzzy
+#| msgid "ipa_domain (string)"
+msgid "ipa_netgroup_domain (string)"
+msgstr "ipa_domain (рядок)"
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+#, fuzzy
+#| msgid ""
+#| "The LDAP attribute that contains the name of the user's home directory."
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr "Атрибут LDAP, що містить назву домашнього каталогу користувача."
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+#, fuzzy
+#| msgid "Default: none"
+msgid "Default: nisDomainName"
+msgstr "Типове значення: none"
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+#, fuzzy
+#| msgid "ldap_user_object_class (string)"
+msgid "ipa_host_object_class (string)"
+msgstr "ldap_user_object_class (рядок)"
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+#, fuzzy
+#| msgid "The object class of a user entry in LDAP."
+msgid "The object class of a host entry in LDAP."
+msgstr "Клас об’єктів запису користувача у LDAP."
+
+# type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+#, fuzzy
+#| msgid "Default: root"
+msgid "Default: ipaHost"
+msgstr "Типове значення: root"
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+#, fuzzy
+#| msgid "ipa_hostname (string)"
+msgid "ipa_host_fqdn (string)"
+msgstr "ipa_hostname (рядок)"
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+#, fuzzy
+#| msgid ""
+#| "The LDAP attribute that contains the name of the user's home directory."
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr "Атрибут LDAP, що містить назву домашнього каталогу користувача."
+
+# type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+#, fuzzy
+#| msgid "Default: cn"
+msgid "Default: fqdn"
+msgstr "Типове значення: cn"
+
# type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -4771,7 +5040,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para><programlisting>
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -4786,7 +5055,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4964,21 +5233,34 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+#, fuzzy
+#| msgid "<option>retry=N</option>"
+msgid "<option>--version</option>"
+msgstr "<option>retry=N</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
# type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr "Сигнали"
# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr "SIGTERM/SIGINT"
# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
@@ -4986,13 +5268,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr "SIGHUP"
# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -5001,13 +5283,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr "SIGUSR1"
# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
@@ -5015,13 +5297,13 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr "SIGUSR2"
# type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
@@ -5029,7 +5311,7 @@ msgstr ""
# type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -5802,7 +6084,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -5822,7 +6104,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/ur.po b/src/man/po/ur.po
index 46590472..dd0f188c 100644
--- a/src/man/po/ur.po
+++ b/src/man/po/ur.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Urdu <trans-urdu@lists.fedoraproject.org>\n"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -796,7 +796,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -935,7 +935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1306,6 +1306,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1315,29 +1332,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1345,19 +1362,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1365,73 +1382,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1439,17 +1456,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1458,17 +1475,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1476,17 +1493,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1494,18 +1511,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1535,7 +1552,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1544,7 +1561,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1595,7 +1612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2438,73 +2455,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2512,7 +2554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2520,17 +2562,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2538,17 +2580,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2559,12 +2601,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2572,29 +2614,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2602,13 +2663,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2616,27 +2677,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2644,7 +2713,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2652,7 +2721,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2660,41 +2729,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2703,38 +2772,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2742,90 +2811,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2833,27 +2902,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2865,7 +2934,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2873,7 +2942,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2881,53 +2950,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2936,7 +3005,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2944,61 +3013,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3008,12 +3077,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3022,14 +3091,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3038,24 +3107,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3063,19 +3132,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3084,7 +3153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3092,7 +3161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3101,89 +3170,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3200,74 +3269,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3275,33 +3344,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3309,7 +3378,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3317,7 +3386,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3331,18 +3400,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3351,7 +3420,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3542,7 +3611,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3670,7 +3739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3741,32 +3810,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3776,109 +3851,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3886,17 +3961,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3905,26 +3980,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3932,7 +4125,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3942,7 +4135,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4071,30 +4264,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4102,31 +4305,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4768,7 +4971,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4785,7 +4988,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/vi.po b/src/man/po/vi.po
index b1e8a93d..8be8c3ab 100644
--- a/src/man/po/vi.po
+++ b/src/man/po/vi.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Vietnamese (http://www.transifex.net/projects/p/fedora/team/"
@@ -106,9 +106,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -215,7 +215,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -444,8 +444,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -460,9 +460,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -797,7 +797,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -936,7 +936,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1307,6 +1307,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1316,29 +1333,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1346,19 +1363,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1366,73 +1383,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1440,17 +1457,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1459,17 +1476,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1477,17 +1494,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1495,18 +1512,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1536,7 +1553,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1545,7 +1562,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1596,7 +1613,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1926,7 +1943,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1936,14 +1953,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2275,7 +2292,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2290,7 +2307,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2439,73 +2456,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2513,7 +2555,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2521,17 +2563,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2539,17 +2581,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2560,12 +2602,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2573,29 +2615,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2603,13 +2664,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2617,27 +2678,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2645,7 +2714,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2653,7 +2722,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2661,41 +2730,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2704,38 +2773,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2743,90 +2812,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2834,27 +2903,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2866,7 +2935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2874,7 +2943,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2882,53 +2951,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2937,7 +3006,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2945,61 +3014,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3009,12 +3078,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3023,14 +3092,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3039,24 +3108,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3064,19 +3133,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3085,7 +3154,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3093,7 +3162,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3102,89 +3171,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3201,74 +3270,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3276,33 +3345,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3310,7 +3379,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3318,7 +3387,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3332,18 +3401,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3352,7 +3421,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3543,7 +3612,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3671,7 +3740,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3742,32 +3811,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3777,109 +3852,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3887,17 +3962,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3906,26 +3981,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3933,7 +4126,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3943,7 +4136,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4072,30 +4265,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4103,31 +4306,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4769,7 +4972,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4786,7 +4989,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/zh_CN.po b/src/man/po/zh_CN.po
index f682ca71..e11a35f3 100644
--- a/src/man/po/zh_CN.po
+++ b/src/man/po/zh_CN.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Chinese (China) (http://www.transifex.net/projects/p/fedora/"
@@ -106,9 +106,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -215,7 +215,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -444,8 +444,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -460,9 +460,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -797,7 +797,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -936,7 +936,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1307,6 +1307,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1316,29 +1333,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1346,19 +1363,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1366,73 +1383,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1440,17 +1457,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1459,17 +1476,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1477,17 +1494,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1495,18 +1512,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1536,7 +1553,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1545,7 +1562,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1596,7 +1613,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1926,7 +1943,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1936,14 +1953,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2275,7 +2292,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2290,7 +2307,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2439,73 +2456,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2513,7 +2555,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2521,17 +2563,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2539,17 +2581,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2560,12 +2602,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2573,29 +2615,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2603,13 +2664,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2617,27 +2678,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2645,7 +2714,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2653,7 +2722,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2661,41 +2730,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2704,38 +2773,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2743,90 +2812,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2834,27 +2903,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2866,7 +2935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2874,7 +2943,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2882,53 +2951,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2937,7 +3006,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2945,61 +3014,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3009,12 +3078,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3023,14 +3092,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3039,24 +3108,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3064,19 +3133,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3085,7 +3154,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3093,7 +3162,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3102,89 +3171,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3201,74 +3270,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3276,33 +3345,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3310,7 +3379,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3318,7 +3387,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3332,18 +3401,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3352,7 +3421,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3543,7 +3612,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3671,7 +3740,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3742,32 +3811,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3777,109 +3852,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3887,17 +3962,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3906,26 +3981,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3933,7 +4126,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3943,7 +4136,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4072,30 +4265,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4103,31 +4306,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4769,7 +4972,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4786,7 +4989,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""
diff --git a/src/man/po/zh_TW.po b/src/man/po/zh_TW.po
index 2f269227..790a4e5b 100644
--- a/src/man/po/zh_TW.po
+++ b/src/man/po/zh_TW.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2011-11-02 16:02-0300\n"
+"POT-Creation-Date: 2011-12-19 11:14-0500\n"
"PO-Revision-Date: 2010-12-23 15:35+0000\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: Chinese (Taiwan) <trans-zh_TW@lists.fedoraproject.org>\n"
@@ -105,9 +105,9 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1132 sssd-ldap.5.xml:1640
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1146 sssd-ldap.5.xml:1686
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:265 sssd.8.xml:181 sss_obfuscate.8.xml:103
+#: sssd-ipa.5.xml:364 sssd.8.xml:191 sss_obfuscate.8.xml:103
#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
#: sss_usermod.8.xml:138
@@ -214,7 +214,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:978
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:992
msgid "Section parameters"
msgstr ""
@@ -443,8 +443,8 @@ msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1178
-#: sssd-ldap.5.xml:1298 sssd-ipa.5.xml:155 sssd-ipa.5.xml:190
+#: sssd.conf.5.xml:240 sssd.conf.5.xml:375 sssd-ldap.5.xml:1224
+#: sssd-ldap.5.xml:1344 sssd-ipa.5.xml:158 sssd-ipa.5.xml:193
msgid "Default: true"
msgstr ""
@@ -459,9 +459,9 @@ msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1110
-#: sssd-ldap.5.xml:1247 sssd-ipa.5.xml:115 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:251 sssd-ldap.5.xml:592 sssd-ldap.5.xml:1156
+#: sssd-ldap.5.xml:1293 sssd-ipa.5.xml:118 sssd-ipa.5.xml:248
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
@@ -796,7 +796,7 @@ msgstr ""
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
-"authentication can enable enable offline authentication again."
+"authentication can enable offline authentication again."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
@@ -935,7 +935,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:635 sssd-ldap.5.xml:981
+#: sssd.conf.5.xml:635 sssd-ldap.5.xml:1027
msgid "Default: 10"
msgstr ""
@@ -1306,6 +1306,23 @@ msgstr ""
msgid "Override the primary GID value with the one specified."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:936
+msgid "case_sensitive (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:939
+msgid ""
+"Treat user and group names as case sensitive. At the moment, this option is "
+"not supported in the local provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:944
+msgid "Default: True"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd.conf.5.xml:601
msgid ""
@@ -1315,29 +1332,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:956
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:945
+#: sssd.conf.5.xml:959
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:962
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:956
+#: sssd.conf.5.xml:970
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:959
+#: sssd.conf.5.xml:973
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1345,19 +1362,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:938
+#: sssd.conf.5.xml:952
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:971
+#: sssd.conf.5.xml:985
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:973
+#: sssd.conf.5.xml:987
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1365,73 +1382,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:980
+#: sssd.conf.5.xml:994
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:997
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:987
+#: sssd.conf.5.xml:1001
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:992
+#: sssd.conf.5.xml:1006
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:995
+#: sssd.conf.5.xml:1009
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1000
+#: sssd.conf.5.xml:1014
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1005
+#: sssd.conf.5.xml:1019
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1008
+#: sssd.conf.5.xml:1022
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1012 sssd.conf.5.xml:1024
+#: sssd.conf.5.xml:1026 sssd.conf.5.xml:1038
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1017
+#: sssd.conf.5.xml:1031
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1020
+#: sssd.conf.5.xml:1034
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1029
+#: sssd.conf.5.xml:1043
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1032
+#: sssd.conf.5.xml:1046
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1439,17 +1456,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1040
+#: sssd.conf.5.xml:1054
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1045
+#: sssd.conf.5.xml:1059
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1048
+#: sssd.conf.5.xml:1062
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1458,17 +1475,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1058
+#: sssd.conf.5.xml:1072
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1077
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1080
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1476,17 +1493,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1087
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1078
+#: sssd.conf.5.xml:1092
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1081
+#: sssd.conf.5.xml:1095
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1494,18 +1511,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1087
+#: sssd.conf.5.xml:1101
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1097 sssd-ldap.5.xml:1608 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:247 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1111 sssd-ldap.5.xml:1654 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:346 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1103
+#: sssd.conf.5.xml:1117
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1535,7 +1552,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1099
+#: sssd.conf.5.xml:1113
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1544,7 +1561,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1134
+#: sssd.conf.5.xml:1148
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1595,7 +1612,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:64
#: sssd-krb5.5.xml:63
msgid "CONFIGURATION OPTIONS"
msgstr ""
@@ -1925,7 +1942,7 @@ msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:849
+#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:756 sssd-ldap.5.xml:868
msgid "Default: nsUniqueId"
msgstr ""
@@ -1935,14 +1952,14 @@ msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:858
+#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:765 sssd-ldap.5.xml:877
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:862
+#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:769 sssd-ldap.5.xml:884
msgid "Default: modifyTimestamp"
msgstr ""
@@ -2274,7 +2291,7 @@ msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:810
+#: sssd-ldap.5.xml:638 sssd-ldap.5.xml:717 sssd-ldap.5.xml:818
msgid "Default: cn"
msgstr ""
@@ -2289,7 +2306,7 @@ msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:651
+#: sssd-ldap.5.xml:651 sssd-ipa.5.xml:261
msgid "Default: memberOf"
msgstr ""
@@ -2438,73 +2455,98 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:797
+msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:801
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:803
+#: sssd-ldap.5.xml:807
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:806
+#: sssd-ldap.5.xml:810
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:814
+msgid "In IPA provider, ipa_netgroup_name should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:816
+#: sssd-ldap.5.xml:824
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:819
+#: sssd-ldap.5.xml:827
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:823
+#: sssd-ldap.5.xml:831
+msgid "In IPA provider, ipa_netgroup_member should be used instead."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:835
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:829
+#: sssd-ldap.5.xml:841
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:832
+#: sssd-ldap.5.xml:844
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:836
+#: sssd-ldap.5.xml:848 sssd-ldap.5.xml:881
+msgid "This option is not available in IPA provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:842
+#: sssd-ldap.5.xml:857
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:860
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:855
+#: sssd-ldap.5.xml:874
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:868
+#: sssd-ldap.5.xml:890
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:871
+#: sssd-ldap.5.xml:893
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2512,7 +2554,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:877
+#: sssd-ldap.5.xml:899
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2520,17 +2562,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:883 sssd-ldap.5.xml:925 sssd-ldap.5.xml:940
+#: sssd-ldap.5.xml:905 sssd-ldap.5.xml:947 sssd-ldap.5.xml:962
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:889
+#: sssd-ldap.5.xml:911
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:892
+#: sssd-ldap.5.xml:914
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -2538,17 +2580,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:899
+#: sssd-ldap.5.xml:921
msgid "Default: 60"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:905
+#: sssd-ldap.5.xml:927
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:908
+#: sssd-ldap.5.xml:930
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2559,12 +2601,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:931
+#: sssd-ldap.5.xml:953
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:934
+#: sssd-ldap.5.xml:956
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2572,29 +2614,48 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:946
+#: sssd-ldap.5.xml:968
+msgid "ldap_connection_expire_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:971
+msgid ""
+"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
+"maintained. After this time, the connection will be re-established. If used "
+"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
+"the TGT lifetime) will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:979
+msgid "Default: 900 (15 minutes)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:985
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:949
+#: sssd-ldap.5.xml:988
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:993
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:960
+#: sssd-ldap.5.xml:999
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963
+#: sssd-ldap.5.xml:1002
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2602,13 +2663,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:969
+#: sssd-ldap.5.xml:1008
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1012
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2616,27 +2677,35 @@ msgid ""
"Directory."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1020
+msgid ""
+"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
+"filter, then the dereference lookup performance enhancement will be disabled "
+"regardless of this setting."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:987
+#: sssd-ldap.5.xml:1033
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:990
+#: sssd-ldap.5.xml:1036
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:996
+#: sssd-ldap.5.xml:1042
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1000
+#: sssd-ldap.5.xml:1046
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2644,7 +2713,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1053
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -2652,7 +2721,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1013
+#: sssd-ldap.5.xml:1059
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -2660,41 +2729,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1019
+#: sssd-ldap.5.xml:1065
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1023
+#: sssd-ldap.5.xml:1069
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1029
+#: sssd-ldap.5.xml:1075
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1032
+#: sssd-ldap.5.xml:1078
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1037 sssd-ldap.5.xml:1055 sssd-ldap.5.xml:1096
+#: sssd-ldap.5.xml:1083 sssd-ldap.5.xml:1101 sssd-ldap.5.xml:1142
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1044
+#: sssd-ldap.5.xml:1090
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1047
+#: sssd-ldap.5.xml:1093
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -2703,38 +2772,38 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1062
+#: sssd-ldap.5.xml:1108
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1111
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1069 sssd-ldap.5.xml:1081 sssd-ldap.5.xml:1567
-#: sssd-ldap.5.xml:1594 sssd-krb5.5.xml:359
+#: sssd-ldap.5.xml:1115 sssd-ldap.5.xml:1127 sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1640 sssd-krb5.5.xml:359
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1075
+#: sssd-ldap.5.xml:1121
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1078
+#: sssd-ldap.5.xml:1124
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1087
+#: sssd-ldap.5.xml:1133
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1090
+#: sssd-ldap.5.xml:1136
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -2742,90 +2811,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1149
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1152
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1162
msgid "ldap_sasl_mech (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1119
+#: sssd-ldap.5.xml:1165
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1123 sssd-ldap.5.xml:1280
+#: sssd-ldap.5.xml:1169 sssd-ldap.5.xml:1326
msgid "Default: none"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1129
+#: sssd-ldap.5.xml:1175
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1132
+#: sssd-ldap.5.xml:1178
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1183
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1143
+#: sssd-ldap.5.xml:1189
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1192
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1151
+#: sssd-ldap.5.xml:1197
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1203
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1160
+#: sssd-ldap.5.xml:1206
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1209
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1215
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1172
+#: sssd-ldap.5.xml:1218
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -2833,27 +2902,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1184
+#: sssd-ldap.5.xml:1230
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187
+#: sssd-ldap.5.xml:1233
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1191
+#: sssd-ldap.5.xml:1237
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1197 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1243 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1200 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1246 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -2865,7 +2934,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1212 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1258 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -2873,7 +2942,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1217 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1263 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -2881,53 +2950,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1226 sssd-ipa.5.xml:165 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1272 sssd-ipa.5.xml:168 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1229
+#: sssd-ldap.5.xml:1275
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1232
+#: sssd-ldap.5.xml:1278
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1238 sssd-ipa.5.xml:180 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1284 sssd-ipa.5.xml:183 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1241
+#: sssd-ldap.5.xml:1287
msgid ""
-"Specifies if the host pricipal should be canonicalized when connecting to "
+"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1299
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1302
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1261
+#: sssd-ldap.5.xml:1307
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1312
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -2936,7 +3005,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1274
+#: sssd-ldap.5.xml:1320
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -2944,61 +3013,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1286
+#: sssd-ldap.5.xml:1332
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1289
+#: sssd-ldap.5.xml:1335
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1339
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1304
+#: sssd-ldap.5.xml:1350
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1353
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1311
+#: sssd-ldap.5.xml:1357
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1317
+#: sssd-ldap.5.xml:1363
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1320
+#: sssd-ldap.5.xml:1366
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1325
+#: sssd-ldap.5.xml:1371
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1377
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1380
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
@@ -3008,12 +3077,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:1570
+#: sssd-ldap.5.xml:1390 sssd-ldap.5.xml:1616
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1347
+#: sssd-ldap.5.xml:1393
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3022,14 +3091,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1351
+#: sssd-ldap.5.xml:1397
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1356
+#: sssd-ldap.5.xml:1402
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3038,24 +3107,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1364 sssd-ldap.5.xml:1414
+#: sssd-ldap.5.xml:1410 sssd-ldap.5.xml:1460
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1370
+#: sssd-ldap.5.xml:1416
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1373
+#: sssd-ldap.5.xml:1419
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1377
+#: sssd-ldap.5.xml:1423
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3063,19 +3132,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1384
+#: sssd-ldap.5.xml:1430
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1387
+#: sssd-ldap.5.xml:1433
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1392
+#: sssd-ldap.5.xml:1438
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3084,7 +3153,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1399
+#: sssd-ldap.5.xml:1445
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3092,7 +3161,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1405
+#: sssd-ldap.5.xml:1451
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3101,89 +3170,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1420
+#: sssd-ldap.5.xml:1466
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1423
+#: sssd-ldap.5.xml:1469
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1427
+#: sssd-ldap.5.xml:1473
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1430
+#: sssd-ldap.5.xml:1476
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1480
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1439
+#: sssd-ldap.5.xml:1485
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1443
+#: sssd-ldap.5.xml:1489
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1446
+#: sssd-ldap.5.xml:1492
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1453
+#: sssd-ldap.5.xml:1499
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1456
+#: sssd-ldap.5.xml:1502
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1461
+#: sssd-ldap.5.xml:1507
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1511
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1470
+#: sssd-ldap.5.xml:1516
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1475
+#: sssd-ldap.5.xml:1521
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1480
+#: sssd-ldap.5.xml:1526
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3200,74 +3269,74 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1492
+#: sssd-ldap.5.xml:1538
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1545
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1502
+#: sssd-ldap.5.xml:1548
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1506 sssd-ldap.5.xml:1525 sssd-ldap.5.xml:1544
+#: sssd-ldap.5.xml:1552 sssd-ldap.5.xml:1571 sssd-ldap.5.xml:1590
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1511 sssd-ldap.5.xml:1530 sssd-ldap.5.xml:1549
+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1576 sssd-ldap.5.xml:1595
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1564
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1567
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1537
+#: sssd-ldap.5.xml:1583
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1586
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1556
+#: sssd-ldap.5.xml:1602
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1559
+#: sssd-ldap.5.xml:1605
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1563
+#: sssd-ldap.5.xml:1609
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1573
+#: sssd-ldap.5.xml:1619
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3275,33 +3344,33 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1576
+#: sssd-ldap.5.xml:1622
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1583
+#: sssd-ldap.5.xml:1629
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1586
+#: sssd-ldap.5.xml:1632
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1590
+#: sssd-ldap.5.xml:1636
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1494
+#: sssd-ldap.5.xml:1540
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3309,7 +3378,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1610
+#: sssd-ldap.5.xml:1656
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -3317,7 +3386,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:1616
+#: sssd-ldap.5.xml:1662
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -3331,18 +3400,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1615 sssd-simple.5.xml:134 sssd-ipa.5.xml:255
+#: sssd-ldap.5.xml:1661 sssd-simple.5.xml:134 sssd-ipa.5.xml:354
#: sssd-krb5.5.xml:441
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1629 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:1675 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1631
+#: sssd-ldap.5.xml:1677
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -3351,7 +3420,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1688
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -3542,7 +3611,7 @@ msgid ""
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
-"libraries it reads and evaluates these variable and returns them to the "
+"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
@@ -3670,7 +3739,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:65
msgid ""
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -3741,32 +3810,38 @@ msgid ""
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> identity provider and the <citerefentry> <refentrytitle>sssd-"
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
-"provider. However, it is neither necessary nor recommended to set these "
-"options. IPA provider can also be used as an access and chpass provider. As "
-"an access provider it uses HBAC (host-based access control) rules. Please "
-"refer to freeipa.org for more information about HBAC. No configuration of "
-"access provider is required on the client side."
+"provider with some exceptions described below."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:55
+msgid ""
+"However, it is neither necessary nor recommended to set these options. IPA "
+"provider can also be used as an access and chpass provider. As an access "
+"provider it uses HBAC (host-based access control) rules. Please refer to "
+"freeipa.org for more information about HBAC. No configuration of access "
+"provider is required on the client side."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:69
+#: sssd-ipa.5.xml:72
msgid "ipa_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:72
+#: sssd-ipa.5.xml:75
msgid ""
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:80
+#: sssd-ipa.5.xml:83
msgid "ipa_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:83
+#: sssd-ipa.5.xml:86
msgid ""
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
@@ -3776,109 +3851,109 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:96
+#: sssd-ipa.5.xml:99
msgid "ipa_hostname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:99
+#: sssd-ipa.5.xml:102
msgid ""
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:107
+#: sssd-ipa.5.xml:110
msgid "ipa_dyndns_update (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:110
+#: sssd-ipa.5.xml:113
msgid ""
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA v2 with the IP address of this client."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:121
+#: sssd-ipa.5.xml:124
msgid "ipa_dyndns_iface (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:124
+#: sssd-ipa.5.xml:127
msgid ""
"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
"interface whose IP address should be used for dynamic DNS updates."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:129
+#: sssd-ipa.5.xml:132
msgid "Default: Use the IP address of the IPA LDAP connection"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:135
+#: sssd-ipa.5.xml:138
msgid "ipa_hbac_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:138
+#: sssd-ipa.5.xml:141
msgid "Optional. Use the given string as search base for HBAC related objects."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:142
+#: sssd-ipa.5.xml:145
msgid "Default: Use base DN"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:154 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:158
+#: sssd-ipa.5.xml:161
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:168
+#: sssd-ipa.5.xml:171
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:172
+#: sssd-ipa.5.xml:175
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:183
+#: sssd-ipa.5.xml:186
msgid ""
-"Specifies if the host and user pricipal should be canonicalized when "
+"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
"with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:196
+#: sssd-ipa.5.xml:199
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:199
+#: sssd-ipa.5.xml:202
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -3886,17 +3961,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:206
+#: sssd-ipa.5.xml:209
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:211
+#: sssd-ipa.5.xml:214
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:214
+#: sssd-ipa.5.xml:217
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -3905,26 +3980,144 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:226
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:228
+#: sssd-ipa.5.xml:231
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:233
+#: sssd-ipa.5.xml:236
msgid "Default: DENY_ALL"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:241
+msgid "ipa_hbac_support_srchost (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:244
+msgid ""
+"If this is set to false, then srchost as given to SSSD by PAM will be "
+"ignored."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:254
+msgid "ipa_netgroup_member_of (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:257
+msgid "The LDAP attribute that lists netgroup's memberships."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:266
+msgid "ipa_netgroup_member_user (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:269
+msgid ""
+"The LDAP attribute that lists system users and groups that are direct "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:274
+msgid "Default: memberUser"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:279
+msgid "ipa_netgroup_member_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:282
+msgid ""
+"The LDAP attribute that lists hosts and host groups that are direct members "
+"of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:286
+msgid "Default: memberHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:291
+msgid "ipa_netgroup_member_ext_host (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:294
+msgid ""
+"The LDAP attribute that lists FQDNs of hosts and host groups that are "
+"members of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:298
+msgid "Default: externalHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:303
+msgid "ipa_netgroup_domain (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:306
+msgid "The LDAP attribute that contains NIS domain name of the netgroup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:310
+msgid "Default: nisDomainName"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:316
+msgid "ipa_host_object_class (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:319
+msgid "The object class of a host entry in LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:322
+msgid "Default: ipaHost"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:327
+msgid "ipa_host_fqdn (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:330
+msgid "The LDAP attribute that contains FQDN of the host."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:333
+msgid "Default: fqdn"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:249
+#: sssd-ipa.5.xml:348
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -3932,7 +4125,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:256
+#: sssd-ipa.5.xml:355
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -3942,7 +4135,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:267
+#: sssd-ipa.5.xml:366
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -4071,30 +4264,40 @@ msgid ""
"<manvolnum>5</manvolnum> </citerefentry> manual page."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:135
+msgid "<option>--version</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:139
+msgid "Print version number and exit."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.8.xml:137
+#: sssd.8.xml:147
msgid "Signals"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:140
+#: sssd.8.xml:150
msgid "SIGTERM/SIGINT"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:143
+#: sssd.8.xml:153
msgid ""
"Informs the SSSD to gracefully terminate all of its child processes and then "
"shut down the monitor."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:149
+#: sssd.8.xml:159
msgid "SIGHUP"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:152
+#: sssd.8.xml:162
msgid ""
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
@@ -4102,31 +4305,31 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:160
+#: sssd.8.xml:170
msgid "SIGUSR1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:163
+#: sssd.8.xml:173
msgid ""
"Tells the SSSD to simulate offline operation for one minute. This is mostly "
"useful for testing purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
-#: sssd.8.xml:169
+#: sssd.8.xml:179
msgid "SIGUSR2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:172
+#: sssd.8.xml:182
msgid ""
"Tells the SSSD to go online immediately. This is mostly useful for testing "
"purposes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.8.xml:183
+#: sssd.8.xml:193
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -4768,7 +4971,7 @@ msgstr ""
#: sssd-krb5.5.xml:391
msgid ""
"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
-"and above. If sssd used used with an older version using this option is a "
+"and above. If sssd used with an older version using this option is a "
"configuration error."
msgstr ""
@@ -4785,7 +4988,7 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:412
msgid ""
-"Specifies if the host and user pricipal should be canonicalized. This "
+"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos >= 1.7"
msgstr ""