summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/man/po/cs.po2143
-rw-r--r--src/man/po/es.po2231
-rw-r--r--src/man/po/fr.po2271
-rw-r--r--src/man/po/ja.po2384
-rw-r--r--src/man/po/nl.po2181
-rw-r--r--src/man/po/pt.po2200
-rw-r--r--src/man/po/ru.po2149
-rw-r--r--src/man/po/sssd-docs.pot2098
-rw-r--r--src/man/po/tg.po2152
-rw-r--r--src/man/po/uk.po2344
10 files changed, 14545 insertions, 7608 deletions
diff --git a/src/man/po/cs.po b/src/man/po/cs.po
index 667902a4..086a85bb 100644
--- a/src/man/po/cs.po
+++ b/src/man/po/cs.po
@@ -8,8 +8,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-03-12 16:37-0300\n"
-"PO-Revision-Date: 2012-03-08 11:52+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0300\n"
+"PO-Revision-Date: 2012-04-20 17:34+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Czech (http://www.transifex.net/projects/p/fedora/language/"
"cs/)\n"
@@ -114,18 +114,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:74 sssd.conf.5.xml:1585 sssd-ldap.5.xml:2177
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sssd-ipa.5.xml:581 sssd.8.xml:191 sss_obfuscate.8.xml:103
+#: sss_useradd.8.xml:169 sssd-krb5.5.xml:451 sss_groupadd.8.xml:60
+#: sss_userdel.8.xml:95 sss_groupdel.8.xml:48 sss_groupshow.8.xml:60
+#: sss_usermod.8.xml:140 sss_ssh_authorizedkeys.1.xml:96
#: sss_ssh_knownhostsproxy.1.xml:95
msgid "SEE ALSO"
msgstr "VIZ TAKÉ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
+#: sss_groupmod.8.xml:76
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -224,7 +224,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1431
msgid "Section parameters"
msgstr ""
@@ -254,33 +254,35 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:88
msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
+"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
+"\"with_ssh\">, ssh</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
+#: sssd.conf.5.xml:96 sssd.conf.5.xml:288
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
+#: sssd.conf.5.xml:99 sssd.conf.5.xml:291
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
+#: sssd.conf.5.xml:104 sssd.conf.5.xml:296
msgid "Default: 3"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:109
msgid "domains"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:112
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -289,19 +291,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
+#: sssd.conf.5.xml:122
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
+#: sssd.conf.5.xml:125
msgid ""
"Regular expression that describes how to parse the string containing user "
"name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
+#: sssd.conf.5.xml:129
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -309,7 +311,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
+#: sssd.conf.5.xml:134
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -317,19 +319,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:141
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
+#: sssd.conf.5.xml:148
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
+#: sssd.conf.5.xml:151
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to translate "
@@ -337,17 +339,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
+#: sssd.conf.5.xml:159
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
+#: sssd.conf.5.xml:164
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
+#: sssd.conf.5.xml:167
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -356,7 +358,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
+#: sssd.conf.5.xml:175
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -364,45 +366,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
+#: sssd.conf.5.xml:181
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:185
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
+#: sssd.conf.5.xml:192
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
+#: sssd.conf.5.xml:195
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
+#: sssd.conf.5.xml:199
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
+#: sssd.conf.5.xml:205
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:212
+msgid "force_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:215
+msgid ""
+"If a service is not responding to ping checks (see the <quote>timeout</"
+"quote> option), it is first sent the SIGTERM signal that instructs it to "
+"quit gracefully. If the service does not terminate after "
+"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
+"by sending a SIGKILL signal."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:542 sssd.conf.5.xml:690
+#: sssd-ldap.5.xml:1034
+msgid "Default: 60"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:63
msgid ""
@@ -415,12 +438,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
+#: sssd.conf.5.xml:234
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
+#: sssd.conf.5.xml:236
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -429,128 +452,128 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
+#: sssd.conf.5.xml:243
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
+#: sssd.conf.5.xml:245
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
+#: sssd.conf.5.xml:249
msgid "debug_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
+#: sssd.conf.5.xml:253
msgid "debug_timestamps (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
+#: sssd.conf.5.xml:256
msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:408 sssd.conf.5.xml:793
+#: sssd-ldap.5.xml:1399 sssd-ldap.5.xml:1525 sssd-ipa.5.xml:225
+#: sssd-ipa.5.xml:260
msgid "Default: true"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
+#: sssd.conf.5.xml:264
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
+#: sssd.conf.5.xml:267
msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:270 sssd.conf.5.xml:740 sssd.conf.5.xml:1368
+#: sssd-ldap.5.xml:620 sssd-ldap.5.xml:1312 sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1468 sssd-ldap.5.xml:1874 sssd-ipa.5.xml:123
+#: sssd-ipa.5.xml:320 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
+#: sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "fd_limit"
+#: sssd.conf.5.xml:275
+msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:278
msgid ""
-"This option specifies the maximum number of file descriptors that may be "
-"opened at one time by this SSSD process. On systems where SSSD is granted "
-"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
-"systems without this capability, the resulting value will be the lower value "
-"of this or the limits.conf \"hard\" limit."
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:282
-msgid "Default: 8192 (or limits.conf \"hard\" limit)"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:283 sssd-ldap.5.xml:1183
+msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:287
-msgid "command (string)"
+#: sssd.conf.5.xml:301
+msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:290
+#: sssd.conf.5.xml:304
msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>. This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298
-msgid "Default: <command>sssd_${service_name}</command>"
+#: sssd.conf.5.xml:313
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:306
+#: sssd.conf.5.xml:321
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:323
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:313
+#: sssd.conf.5.xml:328
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316
+#: sssd.conf.5.xml:331
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:335
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:325
+#: sssd.conf.5.xml:340
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:328
+#: sssd.conf.5.xml:343
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -558,7 +581,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:349
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -568,7 +591,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:359
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -577,17 +600,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:352
+#: sssd.conf.5.xml:367
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:372
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:375
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -595,17 +618,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:381 sssd.conf.5.xml:768 sssd-krb5.5.xml:223
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:371
+#: sssd.conf.5.xml:386
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:374
+#: sssd.conf.5.xml:389
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -614,78 +637,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:396
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:401
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:389
+#: sssd.conf.5.xml:404
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398
+#: sssd.conf.5.xml:413
msgid "override_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:422 sssd-krb5.5.xml:166
msgid "%u"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:167
msgid "login name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:426 sssd-krb5.5.xml:170
msgid "%U"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:412
+#: sssd.conf.5.xml:427
msgid "UID number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:430 sssd-krb5.5.xml:188
msgid "%d"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:416
+#: sssd.conf.5.xml:431
msgid "domain name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:419
+#: sssd.conf.5.xml:434
msgid "%f"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:435
msgid "fully qualified user name (user@domain)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:438 sssd-krb5.5.xml:200
msgid "%%"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:439 sssd-krb5.5.xml:201
msgid "a literal '%'"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:401
+#: sssd.conf.5.xml:416
msgid ""
"Override the user's home directory. You can either provide an absolute value "
"or a template. In the template, the following sequences are substituted: "
@@ -693,138 +716,192 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430
+#: sssd.conf.5.xml:445
msgid "This option can also be set per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:450
+msgid "fallback_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:453
+msgid ""
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:458
+msgid ""
+"The available values for this option are the same as for override_homedir."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:462
+msgid "Default: not set (no substitution for unset home directories)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:468
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:471
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:474
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:478
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:483
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:455
+#: sssd.conf.5.xml:488
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:491
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:462
+#: sssd.conf.5.xml:495
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:500
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:503
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:475
+#: sssd.conf.5.xml:508
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:511
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:515
msgid "Default: /bin/sh"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:520
+msgid "default_shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:523
+msgid ""
+"The default shell to use if the provider does not return one during lookup. "
+"This option supercedes any other shell options if it takes effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:528
+msgid ""
+"Default: not set (Return NULL if no shell is specified and rely on libc to "
+"substitute something sensible when necessary, usually /bin/sh)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:535 sssd.conf.5.xml:683
+msgid "get_domains_timeout (int)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:538 sssd.conf.5.xml:686
+msgid ""
+"Specifies time in seconds for which the list of subdomains will be "
+"considered valid."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:489
+#: sssd.conf.5.xml:549
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:491
+#: sssd.conf.5.xml:551
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:556
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:499
+#: sssd.conf.5.xml:559
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
+#: sssd.conf.5.xml:564 sssd.conf.5.xml:577
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:570
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:513
+#: sssd.conf.5.xml:573
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:523
+#: sssd.conf.5.xml:583
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:586
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:591
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -832,59 +909,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:597 sssd.conf.5.xml:650 sssd.conf.5.xml:1315
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:603
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:606
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:611
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:554
+#: sssd.conf.5.xml:614
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:557
+#: sssd.conf.5.xml:617
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:621
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:624
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:568 sssd.8.xml:63
+#: sssd.conf.5.xml:628 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:573
+#: sssd.conf.5.xml:633
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:636
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -892,7 +969,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:642
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -901,45 +978,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:656
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:659 sssd.conf.5.xml:972
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:662
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
"cannot display a warning."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:668 sssd.conf.5.xml:975
+msgid ""
+"If zero is set, then this filter is not applied, i.e. if the expiration "
+"warning was received from backend server, it will automatically be displayed."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:608
-msgid "Default: 7"
+#: sssd.conf.5.xml:673
+msgid ""
+"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
+"emphasis> for a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:678 sssd.8.xml:79
+msgid "Default: 0"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:616
+#: sssd.conf.5.xml:698
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:618
+#: sssd.conf.5.xml:700
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:707
msgid "sudo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:710
msgid ""
"For any sudo request that comes while SSSD is online, the SSSD will attempt "
"to update the cached rules in order to ensure that sudo has the latest "
@@ -947,7 +1038,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:716
msgid ""
"The user may, however, run a couple of sudo commands successively, which "
"would trigger multiple LDAP requests. In order to speed up this use-case, "
@@ -956,71 +1047,93 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:641
+#: sssd.conf.5.xml:723
msgid ""
"This option controls how long (in seconds) can the sudo service cache rules "
"for a user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:727
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:732
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:735
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:748
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:750
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:676
+#: sssd.conf.5.xml:758
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:761
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
"before asking the back end again."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:776
+msgid "SSH configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:778
+msgid "These options can be used to configure the SSH service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:786
+msgid "ssh_hash_known_hosts (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:789
+msgid ""
+"Whether or not to hash host names and adresses in the managed known_hosts "
+"file."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:803
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:810
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:706
+#: sssd.conf.5.xml:813
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:711
+#: sssd.conf.5.xml:818
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1029,56 +1142,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:825
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
-msgid ""
-"Timeout in seconds between heartbeats for this domain. This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:738
+#: sssd.conf.5.xml:831
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:834
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:745
+#: sssd.conf.5.xml:838
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:841
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
+#: sssd.conf.5.xml:844 sssd.conf.5.xml:949 sssd.conf.5.xml:1031
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:754
+#: sssd.conf.5.xml:847
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1088,14 +1184,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:764
+#: sssd.conf.5.xml:857
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:862
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1104,98 +1200,98 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:873
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:876
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:880
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:886
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796
+#: sssd.conf.5.xml:889
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:893 sssd.conf.5.xml:906 sssd.conf.5.xml:919
+#: sssd.conf.5.xml:932
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:899
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:902
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:819
+#: sssd.conf.5.xml:912
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:915
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:925
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:928
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:938
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:941
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:945
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:861
+#: sssd.conf.5.xml:954
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:957
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1204,47 +1300,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:964
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:969
+msgid "pwd_expiration_warning (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:980
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning. Also an auth provider has to be configured for the "
+"backend."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:987
+msgid "Default: 7 (Kerberos), 0 (LDAP)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:993
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:880
+#: sssd.conf.5.xml:996
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:1000
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:887
+#: sssd.conf.5.xml:1003
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:890
+#: sssd.conf.5.xml:1006
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:1009
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:899
+#: sssd.conf.5.xml:1015
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:1018
+msgid ""
+"Use the full name and domain (as formatted by the domain's full_name_format) "
+"as the user's login name reported to NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1023
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1253,19 +1375,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:915
+#: sssd.conf.5.xml:1036
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:918
+#: sssd.conf.5.xml:1039
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:1043
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1273,7 +1395,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:929
+#: sssd.conf.5.xml:1050
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1281,30 +1403,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:1057
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1060
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1063
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:1069
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:951
+#: sssd.conf.5.xml:1072
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1312,17 +1434,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
-msgid "<quote>permit</quote> always allow access."
+#: sssd.conf.5.xml:1078
+msgid ""
+"<quote>permit</quote> always allow access. It's the only permitted access "
+"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:960
+#: sssd.conf.5.xml:1081
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1084
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1331,24 +1455,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1091
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1096
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:978
+#: sssd.conf.5.xml:1099
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1104
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1356,7 +1480,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:991
+#: sssd.conf.5.xml:1112
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1364,7 +1488,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1120
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1372,35 +1496,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1007
+#: sssd.conf.5.xml:1128
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1011
+#: sssd.conf.5.xml:1132
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1135
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1142
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1148
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1031
+#: sssd.conf.5.xml:1152
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1408,29 +1532,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1159
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1041
+#: sssd.conf.5.xml:1162 sssd.conf.5.xml:1246 sssd.conf.5.xml:1271
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1047
+#: sssd.conf.5.xml:1168
msgid "session_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1171
msgid ""
"The provider which should handle loading of session settings. Supported "
"session providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1055
+#: sssd.conf.5.xml:1176
msgid ""
"<quote>ipa</quote> to load session settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1438,66 +1562,153 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1184
msgid "<quote>none</quote> disallows fetching session settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1187
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"session loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1193
+msgid "subdomains_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1196
+msgid ""
+"The provider which should handle fetching of subdomains. This value should "
+"be always the same as id_provider. Supported subdomain providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1201
+msgid ""
+"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1209
+msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1212 sssd-ldap.5.xml:1499
+msgid "Default: none"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1218
+msgid "autofs_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1224
+msgid ""
+"The autofs provider used for the domain. Supported autofs providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1228
+msgid ""
+"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1235
+msgid ""
+"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1243
+msgid "<quote>none</quote> disables autofs explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1253
+msgid "hostid_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1256
+msgid ""
+"The provider used for retrieving host identity information. Supported "
+"hostid providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1260
+msgid ""
+"<quote>ipa</quote> to load host identity stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1268
+msgid "<quote>none</quote> disables hostid explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1278
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1076
+#: sssd.conf.5.xml:1281
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1285
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1083
+#: sssd.conf.5.xml:1288
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1291
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1294
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1092
+#: sssd.conf.5.xml:1297
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1095
+#: sssd.conf.5.xml:1300
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1306
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1104
+#: sssd.conf.5.xml:1309
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1505,51 +1716,83 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1321
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1324
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1328
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1334
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1337
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1138
+#: sssd.conf.5.xml:1343
msgid "case_sensitive (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1346
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1351
msgid "Default: True"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1357
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1360
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1374
+msgid "subdomain_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1377
+msgid ""
+"Use this homedir as default value for all subdomains within this domain. See "
+"<emphasis>override_homedir</emphasis> for info about possible values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1382
+msgid ""
+"The value can be overridden by <emphasis>override_homedir</emphasis> option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:805
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1557,29 +1800,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1395
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1398
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1401
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1409
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1412
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1587,19 +1830,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1154
+#: sssd.conf.5.xml:1391
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1187
+#: sssd.conf.5.xml:1424
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1426
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1607,73 +1850,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1433
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1436
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1440
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1445
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211
+#: sssd.conf.5.xml:1448
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1453
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1221
+#: sssd.conf.5.xml:1458
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1224
+#: sssd.conf.5.xml:1461
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
+#: sssd.conf.5.xml:1465 sssd.conf.5.xml:1477
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1470
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1473
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1245
+#: sssd.conf.5.xml:1482
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1248
+#: sssd.conf.5.xml:1485
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1681,17 +1924,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1256
+#: sssd.conf.5.xml:1493
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1498
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1501
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1700,17 +1943,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1274
+#: sssd.conf.5.xml:1511
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1516
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1519
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1718,17 +1961,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1289
+#: sssd.conf.5.xml:1526
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1531
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1297
+#: sssd.conf.5.xml:1534
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1736,18 +1979,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1540
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1550 sssd-ldap.5.xml:2145 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:563 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1319
+#: sssd.conf.5.xml:1556
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1777,7 +2020,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1552
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1786,7 +2029,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1587
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1985,216 +2228,234 @@ msgstr ""
msgid ""
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
-"may vary. The way that some attributes are handled may also differ. Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
+"may vary. The way that some attributes are handled may also differ. Four "
+"schema types are currently supported: rfc2307 rfc2307bis IPA AD The main "
"difference between these schema types is how group memberships are recorded "
"in the server. With rfc2307, group members are listed by name in the "
"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
+"attribute. The AD schema type sets the attributes to correspond with Active "
+"Directory 2008r2 values."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
+#: sssd-ldap.5.xml:183
msgid "Default: rfc2307"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
+#: sssd-ldap.5.xml:189
msgid "ldap_default_bind_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
+#: sssd-ldap.5.xml:192
msgid "The default bind DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
+#: sssd-ldap.5.xml:199
msgid "ldap_default_authtok_type (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
+#: sssd-ldap.5.xml:202
msgid "The type of the authentication token of the default bind DN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
+#: sssd-ldap.5.xml:206
msgid "The two mechanisms currently supported are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
+#: sssd-ldap.5.xml:209
msgid "password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
+#: sssd-ldap.5.xml:212
msgid "obfuscated_password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
+#: sssd-ldap.5.xml:215
msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
+#: sssd-ldap.5.xml:221
msgid "ldap_default_authtok (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
+#: sssd-ldap.5.xml:224
msgid ""
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
+#: sssd-ldap.5.xml:231
msgid "ldap_user_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
+#: sssd-ldap.5.xml:234
msgid "The object class of a user entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
+#: sssd-ldap.5.xml:237
msgid "Default: posixAccount"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
+#: sssd-ldap.5.xml:243
msgid "ldap_user_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
+#: sssd-ldap.5.xml:246
msgid "The LDAP attribute that corresponds to the user's login name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
+#: sssd-ldap.5.xml:250
msgid "Default: uid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
+#: sssd-ldap.5.xml:256
msgid "ldap_user_uid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
+#: sssd-ldap.5.xml:259
msgid "The LDAP attribute that corresponds to the user's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
+#: sssd-ldap.5.xml:263
msgid "Default: uidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
+#: sssd-ldap.5.xml:269
msgid "ldap_user_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
+#: sssd-ldap.5.xml:272
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
+#: sssd-ldap.5.xml:276 sssd-ldap.5.xml:758
msgid "Default: gidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
+#: sssd-ldap.5.xml:282
msgid "ldap_user_gecos (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
+#: sssd-ldap.5.xml:285
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
+#: sssd-ldap.5.xml:289
msgid "Default: gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
+#: sssd-ldap.5.xml:295
msgid "ldap_user_home_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
+#: sssd-ldap.5.xml:298
msgid "The LDAP attribute that contains the name of the user's home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
+#: sssd-ldap.5.xml:302
msgid "Default: homeDirectory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
+#: sssd-ldap.5.xml:308
msgid "ldap_user_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
+#: sssd-ldap.5.xml:311
msgid "The LDAP attribute that contains the path to the user's default shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
+#: sssd-ldap.5.xml:315
msgid "Default: loginShell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
+#: sssd-ldap.5.xml:321
msgid "ldap_user_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
+#: sssd-ldap.5.xml:324
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
+#: sssd-ldap.5.xml:328 sssd-ldap.5.xml:784 sssd-ldap.5.xml:911
msgid "Default: nsUniqueId"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
+#: sssd-ldap.5.xml:334
+msgid "ldap_user_objectsid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:337
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP user object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:342 sssd-ldap.5.xml:798
+msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:349
msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
+#: sssd-ldap.5.xml:352 sssd-ldap.5.xml:808 sssd-ldap.5.xml:920
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
+#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:812 sssd-ldap.5.xml:927
msgid "Default: modifyTimestamp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
+#: sssd-ldap.5.xml:362
msgid "ldap_user_shadow_last_change (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
+#: sssd-ldap.5.xml:365
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2203,17 +2464,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
+#: sssd-ldap.5.xml:375
msgid "Default: shadowLastChange"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
+#: sssd-ldap.5.xml:381
msgid "ldap_user_shadow_min (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
+#: sssd-ldap.5.xml:384
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2222,17 +2483,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
+#: sssd-ldap.5.xml:393
msgid "Default: shadowMin"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
+#: sssd-ldap.5.xml:399
msgid "ldap_user_shadow_max (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
+#: sssd-ldap.5.xml:402
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2241,17 +2502,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
+#: sssd-ldap.5.xml:411
msgid "Default: shadowMax"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
+#: sssd-ldap.5.xml:417
msgid "ldap_user_shadow_warning (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
+#: sssd-ldap.5.xml:420
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2260,17 +2521,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
+#: sssd-ldap.5.xml:430
msgid "Default: shadowWarning"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
+#: sssd-ldap.5.xml:436
msgid "ldap_user_shadow_inactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
+#: sssd-ldap.5.xml:439
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2279,17 +2540,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
+#: sssd-ldap.5.xml:449
msgid "Default: shadowInactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
+#: sssd-ldap.5.xml:455
msgid "ldap_user_shadow_expire (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
+#: sssd-ldap.5.xml:458
msgid ""
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
"parameter contains the name of an LDAP attribute corresponding to its "
@@ -2298,17 +2559,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
+#: sssd-ldap.5.xml:468
msgid "Default: shadowExpire"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
+#: sssd-ldap.5.xml:474
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
+#: sssd-ldap.5.xml:477
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
@@ -2316,158 +2577,158 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
+#: sssd-ldap.5.xml:483
msgid "Default: krbLastPwdChange"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
+#: sssd-ldap.5.xml:489
msgid "ldap_user_krb_password_expiration (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
+#: sssd-ldap.5.xml:492
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
+#: sssd-ldap.5.xml:498
msgid "Default: krbPasswordExpiration"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
+#: sssd-ldap.5.xml:504
msgid "ldap_user_ad_account_expires (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
+#: sssd-ldap.5.xml:507
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
+#: sssd-ldap.5.xml:512
msgid "Default: accountExpires"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
+#: sssd-ldap.5.xml:518
msgid "ldap_user_ad_user_account_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
+#: sssd-ldap.5.xml:521
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
+#: sssd-ldap.5.xml:526
msgid "Default: userAccountControl"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
+#: sssd-ldap.5.xml:532
msgid "ldap_ns_account_lock (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
+#: sssd-ldap.5.xml:535
msgid ""
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
+#: sssd-ldap.5.xml:540
msgid "Default: nsAccountLock"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
+#: sssd-ldap.5.xml:546
msgid "ldap_user_nds_login_disabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
+#: sssd-ldap.5.xml:549
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines if "
"access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
+#: sssd-ldap.5.xml:553 sssd-ldap.5.xml:567
msgid "Default: loginDisabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
+#: sssd-ldap.5.xml:559
msgid "ldap_user_nds_login_expiration_time (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
+#: sssd-ldap.5.xml:562
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines until "
"which date access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
+#: sssd-ldap.5.xml:573
msgid "ldap_user_nds_login_allowed_time_map (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
+#: sssd-ldap.5.xml:576
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines the "
"hours of a day in a week when access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
+#: sssd-ldap.5.xml:581
msgid "Default: loginAllowedTimeMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
+#: sssd-ldap.5.xml:587
msgid "ldap_user_principal (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
+#: sssd-ldap.5.xml:590
msgid ""
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"(UPN)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
+#: sssd-ldap.5.xml:594
msgid "Default: krbPrincipalName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
+#: sssd-ldap.5.xml:600
msgid "ldap_user_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
+#: sssd-ldap.5.xml:603
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
+#: sssd-ldap.5.xml:610
msgid "ldap_force_upper_case_realm (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
+#: sssd-ldap.5.xml:613
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -2476,29 +2737,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
+#: sssd-ldap.5.xml:626
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
+#: sssd-ldap.5.xml:629
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:634 sssd-ldap.5.xml:1887
msgid "Default: 300"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
+#: sssd-ldap.5.xml:640
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
+#: sssd-ldap.5.xml:643
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -2506,54 +2767,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
+#: sssd-ldap.5.xml:649
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
+#: sssd-ldap.5.xml:653
msgid "Default: 10800 (12 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
+#: sssd-ldap.5.xml:659
msgid "ldap_user_fullname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
+#: sssd-ldap.5.xml:662
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
+#: sssd-ldap.5.xml:666 sssd-ldap.5.xml:745 sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:952 sssd-ldap.5.xml:1742 sssd-ldap.5.xml:1960
+#: sssd-ipa.5.xml:441
msgid "Default: cn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
+#: sssd-ldap.5.xml:672
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
+#: sssd-ldap.5.xml:675
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
+#: sssd-ldap.5.xml:679 sssd-ipa.5.xml:345
msgid "Default: memberOf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
+#: sssd-ldap.5.xml:685
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
+#: sssd-ldap.5.xml:688
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -2561,24 +2822,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
+#: sssd-ldap.5.xml:695
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:700
msgid "Default: authorizedService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
+#: sssd-ldap.5.xml:706
msgid "ldap_user_authorized_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
+#: sssd-ldap.5.xml:709
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -2586,89 +2847,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
+#: sssd-ldap.5.xml:715
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
+#: sssd-ldap.5.xml:720
msgid "Default: host"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:726
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
+#: sssd-ldap.5.xml:729
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
+#: sssd-ldap.5.xml:732
msgid "Default: posixGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:738
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
+#: sssd-ldap.5.xml:741
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:751
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:754
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
+#: sssd-ldap.5.xml:764
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
+#: sssd-ldap.5.xml:767
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
+#: sssd-ldap.5.xml:771
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
+#: sssd-ldap.5.xml:777
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:780
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:790
+msgid "ldap_group_objectsid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:793
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP group object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:805
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:818
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:821
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -2676,198 +2949,198 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
+#: sssd-ldap.5.xml:828
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:834
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
+#: sssd-ldap.5.xml:837
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
+#: sssd-ldap.5.xml:840
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:844
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
+#: sssd-ldap.5.xml:850
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
+#: sssd-ldap.5.xml:853
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:857
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
+#: sssd-ldap.5.xml:867
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
+#: sssd-ldap.5.xml:870
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
+#: sssd-ldap.5.xml:874
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:878
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:884
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:887
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
+#: sssd-ldap.5.xml:891 sssd-ldap.5.xml:924
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:894
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
+#: sssd-ldap.5.xml:900
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
+#: sssd-ldap.5.xml:903
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
+#: sssd-ldap.5.xml:907
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
+#: sssd-ldap.5.xml:917
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:933
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:936
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:939
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:945
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:948
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
+#: sssd-ldap.5.xml:958
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
+#: sssd-ldap.5.xml:961
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
+#: sssd-ldap.5.xml:965
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
+#: sssd-ldap.5.xml:971
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:974
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
+#: sssd-ldap.5.xml:978
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
+#: sssd-ldap.5.xml:984
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:987
msgid "An optional base DN to restrict service searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
+#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1997 sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2035 sssd-ldap.5.xml:2098 sssd-ldap.5.xml:2120
+#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 sssd-ipa.5.xml:206
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
+#: sssd-ldap.5.xml:996 sssd-ldap.5.xml:2002 sssd-ldap.5.xml:2021
+#: sssd-ldap.5.xml:2040 sssd-ldap.5.xml:2103 sssd-ldap.5.xml:2125
#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
+#: sssd-ldap.5.xml:1003
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1006
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2875,7 +3148,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
+#: sssd-ldap.5.xml:1012
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2883,35 +3156,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
+#: sssd-ldap.5.xml:1018 sssd-ldap.5.xml:1060 sssd-ldap.5.xml:1075
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1024
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1027
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
"are returned (and offline mode is entered)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1040
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1043
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2922,12 +3190,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
+#: sssd-ldap.5.xml:1066
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
+#: sssd-ldap.5.xml:1069
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2935,12 +3203,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1081
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1084
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -2949,34 +3217,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
+#: sssd-ldap.5.xml:1092
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1098
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
+#: sssd-ldap.5.xml:1101
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1106
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
+#: sssd-ldap.5.xml:1112
+msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1115
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -2984,27 +3252,50 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
+#: sssd-ldap.5.xml:1121
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1127
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
"requests being denied."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133 include/ldap_id_mapping.xml:184
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1139
+msgid "ldap_sasl_minssf (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1142
+msgid ""
+"When communicating with an LDAP server using SASL, specify the minimum "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1148
+msgid "Default: Use the system default (usually specified by ldap.conf)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1155
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1158
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3012,13 +3303,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1164
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1168
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3027,7 +3318,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
+#: sssd-ldap.5.xml:1176
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3035,26 +3326,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1189
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
+#: sssd-ldap.5.xml:1192
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1198
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
+#: sssd-ldap.5.xml:1202
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3062,7 +3353,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1209
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3070,7 +3361,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1215
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3078,41 +3369,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1221
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1225
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
+#: sssd-ldap.5.xml:1231
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
+#: sssd-ldap.5.xml:1234
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
+#: sssd-ldap.5.xml:1239 sssd-ldap.5.xml:1257 sssd-ldap.5.xml:1298
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1246
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1249
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3121,38 +3412,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1264
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1267
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1271 sssd-ldap.5.xml:1283 sssd-ldap.5.xml:1344
+#: sssd-ldap.5.xml:2058 sssd-ldap.5.xml:2085 sssd-krb5.5.xml:359
+#: include/ldap_id_mapping.xml:145 include/ldap_id_mapping.xml:156
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1277
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1280
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
+#: sssd-ldap.5.xml:1289
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
+#: sssd-ldap.5.xml:1292
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3160,90 +3452,103 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1305
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1308
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
+#: sssd-ldap.5.xml:1318
+msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1321
msgid ""
-"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
-"supported."
+"Specifies that SSSD should attempt to map user and group IDs from the "
+"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
+"on ldap_user_uid_number and ldap_group_gid_number."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
+#: sssd-ldap.5.xml:1327
+msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1337
+msgid "ldap_sasl_mech (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1340
+msgid ""
+"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
+"supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1350
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
+#: sssd-ldap.5.xml:1353
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
+#: sssd-ldap.5.xml:1358
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1364
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
+#: sssd-ldap.5.xml:1367
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
+#: sssd-ldap.5.xml:1372
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1378
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
+#: sssd-ldap.5.xml:1381
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1384
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
+#: sssd-ldap.5.xml:1390
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
+#: sssd-ldap.5.xml:1393
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3251,27 +3556,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1405
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1408
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
+#: sssd-ldap.5.xml:1412
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1418 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1421 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -3283,7 +3588,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1433 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -3291,7 +3596,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1438 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -3299,53 +3604,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1447 sssd-ipa.5.xml:235 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1450
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
+#: sssd-ldap.5.xml:1453
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1459 sssd-ipa.5.xml:250 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1462
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
+#: sssd-ldap.5.xml:1474
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
+#: sssd-ldap.5.xml:1477
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1482
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
+#: sssd-ldap.5.xml:1487
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -3353,7 +3658,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
+#: sssd-ldap.5.xml:1493
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -3361,76 +3666,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1505
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1508
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
+#: sssd-ldap.5.xml:1512
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1517
+msgid ""
+"Chasing referrals may incur a performance penalty in environments that use "
+"them heavily, a notable example is Microsoft Active Directory. If your setup "
+"does not in fact require the use of referrals, setting this option to false "
+"might bring a noticeable performance improvement."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1531
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1534
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1538
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1544
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
+#: sssd-ldap.5.xml:1547
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1552
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
+#: sssd-ldap.5.xml:1558
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1561
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
+"it will result in all users being denied access. Use access_provider = "
+"permit to change this default behavior."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:1571 sssd-ldap.5.xml:2061
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
+#: sssd-ldap.5.xml:1574
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3439,14 +3753,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1578
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
+#: sssd-ldap.5.xml:1583
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3455,24 +3769,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1591 sssd-ldap.5.xml:1641
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1597
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1600
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1604
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3480,19 +3794,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1611
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1614
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1619
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3501,7 +3815,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1626
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3509,7 +3823,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
+#: sssd-ldap.5.xml:1632
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3518,89 +3832,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
+#: sssd-ldap.5.xml:1647
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
+#: sssd-ldap.5.xml:1650
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1654
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1657
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1661
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
+#: sssd-ldap.5.xml:1666
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1670
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1673
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1680
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
+#: sssd-ldap.5.xml:1683
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1688
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1692
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1697
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1702
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1707
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3617,212 +3931,212 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1718
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1723
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
+#: sssd-ldap.5.xml:1726
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1729
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1735
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1738
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1748
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1751
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
+#: sssd-ldap.5.xml:1755
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
+#: sssd-ldap.5.xml:1761
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
+#: sssd-ldap.5.xml:1764
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
+#: sssd-ldap.5.xml:1769
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1775
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
+#: sssd-ldap.5.xml:1778
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
+#: sssd-ldap.5.xml:1782
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1788
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
+#: sssd-ldap.5.xml:1791
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
+#: sssd-ldap.5.xml:1795
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
+#: sssd-ldap.5.xml:1801
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1804
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
+#: sssd-ldap.5.xml:1808
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
+#: sssd-ldap.5.xml:1814
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
+#: sssd-ldap.5.xml:1817
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
+#: sssd-ldap.5.xml:1821
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
+#: sssd-ldap.5.xml:1827
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
+#: sssd-ldap.5.xml:1830
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1834
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
+#: sssd-ldap.5.xml:1840
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
+#: sssd-ldap.5.xml:1843
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1848
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1854
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1857
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
+#: sssd-ldap.5.xml:1861
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1867
msgid "ldap_sudo_refresh_enabled (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1870
msgid ""
"Enables periodical download of all sudo rules. The cache is purged before "
"each update."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1880
msgid "ldap_sudo_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
+#: sssd-ldap.5.xml:1883
msgid ""
"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1721
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1894
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -3831,76 +4145,76 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1904
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
+#: sssd-ldap.5.xml:1906
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1913
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1916 sssd-ldap.5.xml:1942
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1919 sssd-ldap.5.xml:1946
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
+#: sssd-ldap.5.xml:1926
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
+#: sssd-ldap.5.xml:1929
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
+#: sssd-ldap.5.xml:1932
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1939
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1953
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
+#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:1970
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1967
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1974
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1911
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -3909,62 +4223,62 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
+#: sssd-ldap.5.xml:1983
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
+#: sssd-ldap.5.xml:1990
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
+#: sssd-ldap.5.xml:1993
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:2009
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
+#: sssd-ldap.5.xml:2012
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
+#: sssd-ldap.5.xml:2028
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:2031
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:2047
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
+#: sssd-ldap.5.xml:2050
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
+#: sssd-ldap.5.xml:2054
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2064
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3972,55 +4286,55 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
+#: sssd-ldap.5.xml:2067
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2074
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
+#: sssd-ldap.5.xml:2077
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2081
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2091
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2094
msgid ""
"An optional base DN to restrict sudo rules searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
+#: sssd-ldap.5.xml:2113
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
+#: sssd-ldap.5.xml:2116
msgid ""
"An optional base DN to restrict automounter searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1985
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4028,7 +4342,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2147
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4036,7 +4350,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
+#: sssd-ldap.5.xml:2153
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4049,19 +4363,19 @@ msgid ""
" enumerate = true\n"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
+#. type: Content of: <refsect1><refsect2><para>
+#: sssd-ldap.5.xml:2152 sssd-simple.5.xml:134 sssd-ipa.5.xml:571
+#: sssd-krb5.5.xml:441 include/ldap_id_mapping.xml:63
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:2166 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
+#: sssd-ldap.5.xml:2168
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4070,7 +4384,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
+#: sssd-ldap.5.xml:2179
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -4594,40 +4908,55 @@ msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:199
+msgid "ipa_subdomains_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:202
+msgid "Optional. Use the given string as search base for trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:218 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:221 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
+#: sssd-ipa.5.xml:228
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
+#: sssd-ipa.5.xml:238
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:242
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
+#: sssd-ipa.5.xml:253
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -4635,12 +4964,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
+#: sssd-ipa.5.xml:266
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
+#: sssd-ipa.5.xml:269
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -4648,17 +4977,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
+#: sssd-ipa.5.xml:276
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
+#: sssd-ipa.5.xml:281
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
+#: sssd-ipa.5.xml:284
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -4667,313 +4996,313 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
+#: sssd-ipa.5.xml:293
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
+#: sssd-ipa.5.xml:298
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
+#: sssd-ipa.5.xml:303
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
+#: sssd-ipa.5.xml:308
msgid "ipa_hbac_support_srchost (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:311
msgid ""
"If this is set to false, then srchost as given to SSSD by PAM will be "
"ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
+#: sssd-ipa.5.xml:315
msgid ""
"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
+#: sssd-ipa.5.xml:326
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
+#: sssd-ipa.5.xml:329
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
+#: sssd-ipa.5.xml:332
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:338
msgid "ipa_netgroup_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
+#: sssd-ipa.5.xml:341
msgid "The LDAP attribute that lists netgroup's memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
+#: sssd-ipa.5.xml:350
msgid "ipa_netgroup_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
+#: sssd-ipa.5.xml:353
msgid ""
"The LDAP attribute that lists system users and groups that are direct "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:358 sssd-ipa.5.xml:453
msgid "Default: memberUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
+#: sssd-ipa.5.xml:363
msgid "ipa_netgroup_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:366
msgid ""
"The LDAP attribute that lists hosts and host groups that are direct members "
"of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:370 sssd-ipa.5.xml:465
msgid "Default: memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:375
msgid "ipa_netgroup_member_ext_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
+#: sssd-ipa.5.xml:378
msgid ""
"The LDAP attribute that lists FQDNs of hosts and host groups that are "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
+#: sssd-ipa.5.xml:382
msgid "Default: externalHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
+#: sssd-ipa.5.xml:387
msgid "ipa_netgroup_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:390
msgid "The LDAP attribute that contains NIS domain name of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
+#: sssd-ipa.5.xml:394
msgid "Default: nisDomainName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
+#: sssd-ipa.5.xml:400
msgid "ipa_host_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
+#: sssd-ipa.5.xml:403 sssd-ipa.5.xml:426
msgid "The object class of a host entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
+#: sssd-ipa.5.xml:406 sssd-ipa.5.xml:429
msgid "Default: ipaHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:411
msgid "ipa_host_fqdn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
+#: sssd-ipa.5.xml:414
msgid "The LDAP attribute that contains FQDN of the host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
+#: sssd-ipa.5.xml:417
msgid "Default: fqdn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
+#: sssd-ipa.5.xml:423
msgid "ipa_selinux_usermap_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
+#: sssd-ipa.5.xml:434
msgid "ipa_selinux_usermap_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:437
msgid "The LDAP attribute that contains the name of SELinux usermap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:446
msgid "ipa_selinux_usermap_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
+#: sssd-ipa.5.xml:449
msgid ""
"The LDAP attribute that contains all users / groups this rule match against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
+#: sssd-ipa.5.xml:458
msgid "ipa_selinux_usermap_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
+#: sssd-ipa.5.xml:461
msgid ""
"The LDAP attribute that contains all hosts / hostgroups this rule match "
"against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:470
msgid "ipa_selinux_usermap_see_also (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:473
msgid ""
"The LDAP attribute that contains DN of HBAC rule which can be used for "
"matching instead of memberUser and memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
+#: sssd-ipa.5.xml:478
msgid "Default: seeAlso"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
+#: sssd-ipa.5.xml:483
msgid "ipa_selinux_usermap_selinux_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:486
msgid "The LDAP attribute that contains SELinux user string itself."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:490
msgid "Default: ipaSELinuxUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
+#: sssd-ipa.5.xml:495
msgid "ipa_selinux_usermap_enabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
+#: sssd-ipa.5.xml:498
msgid ""
"The LDAP attribute that contains whether or not is user map enabled for "
"usage."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:502
msgid "Default: ipaEnabledFlag"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
+#: sssd-ipa.5.xml:507
msgid "ipa_selinux_usermap_user_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:510
msgid "The LDAP attribute that contains user category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
+#: sssd-ipa.5.xml:514
msgid "Default: userCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:519
msgid "ipa_selinux_usermap_host_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:522
msgid "The LDAP attribute that contains host category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
+#: sssd-ipa.5.xml:526
msgid "Default: hostCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:531
msgid "ipa_selinux_usermap_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
+#: sssd-ipa.5.xml:534
msgid "The LDAP attribute that contains unique ID of the user map."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
+#: sssd-ipa.5.xml:538
msgid "Default: ipaUniqueID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
+#: sssd-ipa.5.xml:543
msgid "ipa_host_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
+#: sssd-ipa.5.xml:546
msgid "The LDAP attribute that contains the host's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:550
msgid "Default: ipaSshPubKey"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:565
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -4981,7 +5310,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:572
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -4991,7 +5320,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
+#: sssd-ipa.5.xml:583
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -5068,11 +5397,6 @@ msgstr ""
msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:85
msgid "<option>-f</option>,<option>--debug-to-files</option>"
@@ -5453,7 +5777,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
+#: sss_useradd.8.xml:171
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -5927,7 +6251,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
+#: sss_groupadd.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6012,7 +6336,7 @@ msgid "Before actually deleting the user, terminate all his processes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
+#: sss_userdel.8.xml:97
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6056,7 +6380,7 @@ msgstr ""
"jménem<replaceable>SKUPINA</replaceable>."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
+#: sss_groupdel.8.xml:50
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6118,7 +6442,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
+#: sss_groupshow.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6207,7 +6531,7 @@ msgid "The SELinux user for the user's login."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
+#: sss_usermod.8.xml:142
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6317,13 +6641,69 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:108
+#, fuzzy
+#| msgid "<option>-h</option>,<option>--help</option>"
+msgid ""
+"<option>-s</option>,<option>--service</option> <replaceable>service</"
+"replaceable>"
+msgstr "<option>-h</option>,<option>--help</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:113
+msgid "Invalidate specific service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:119
+#, fuzzy
+#| msgid "<option>-h</option>,<option>--help</option>"
+msgid "<option>-S</option>,<option>--services</option>"
+msgstr "<option>-h</option>,<option>--help</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:123
+msgid ""
+"Invalidate all service records. This option overrides invalidation of "
+"specific service if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:130
+#, fuzzy
+#| msgid "<option>-h</option>,<option>--help</option>"
+msgid ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
+"replaceable>"
+msgstr "<option>-h</option>,<option>--help</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:135
+msgid "Invalidate specific autofs maps."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:141
+#, fuzzy
+#| msgid "<option>-h</option>,<option>--help</option>"
+msgid "<option>-A</option>,<option>--autofs-maps</option>"
+msgstr "<option>-h</option>,<option>--help</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:145
+msgid ""
+"Invalidate all autofs maps. This option overrides invalidation of specific "
+"map if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:152
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:113
+#: sss_cache.8.xml:157
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -6548,7 +6928,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
msgid "Configuration"
msgstr ""
@@ -6664,6 +7044,231 @@ msgid ""
"offline mode, and then attempts to reconnect every 30 seconds."
msgstr ""
+#. type: Content of: <refsect1><title>
+#: include/ldap_id_mapping.xml:2
+msgid "ID MAPPING"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:4
+msgid ""
+"The ID-mapping feature allows SSSD to act as a client of Active Directory "
+"without requiring administrators to extend user attributes to support POSIX "
+"attributes for user and group identifiers."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:9
+msgid ""
+"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
+"ignored. This is to avoid the possibility of conflicts between automatically-"
+"assigned and manually-assigned values. If you need to use manually-assigned "
+"values, ALL values must be manually-assigned."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:17
+msgid "Mapping Algorithm"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:19
+msgid ""
+"Active Directory provides an objectSID for every user and group object in "
+"the directory. This objectSID can be broken up into components that "
+"represent the Active Directory domain identity and the relative identifier "
+"(RID) of the user or group object."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:25
+msgid ""
+"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
+"into equally-sized component sections - called \"slices\"-. Each slice "
+"represents the space available to an Active Directory domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:31
+msgid ""
+"When a user or group entry for a particular domain is encountered for the "
+"first time, the SSSD allocates one of the available slices for that domain. "
+"In order to make this slice-assignment repeatable on different client "
+"machines, we select the slice based on the following algorithm:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:38
+msgid ""
+"The SID string is passed through the murmurhash3 algorithm to convert it to "
+"a 32-bit hashed value. We then take the modulus of this value with the total "
+"number of available slices to pick the slice."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:44
+msgid ""
+"NOTE: It is possible to encounter collisions in the hash and subsequent "
+"modulus. In these situations, we will select the next available slice, but "
+"it may not be possible to reproduce the same exact set of slices on other "
+"machines (since the order that they are encountered will determine their "
+"slice). In this situation, it is recommended to either switch to using "
+"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
+"configure a default domain to guarantee that at least one is always "
+"consistent. See <quote>Configuration</quote> for details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:59
+msgid ""
+"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><programlisting>
+#: include/ldap_id_mapping.xml:64
+#, no-wrap
+msgid ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:69
+msgid ""
+"The default configuration results in configuring 10,000 slices, each capable "
+"of holding up to 200,000 IDs, starting from 10,001 and going up to "
+"2,000,100,000. This should be sufficient for most deployments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><title>
+#: include/ldap_id_mapping.xml:75
+msgid "Advanced Configuration"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:78
+msgid "ldap_idmap_range_min (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:81
+msgid ""
+"Specifies the lower bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:85
+msgid ""
+"NOTE: This option is different from <quote>id_mn</quote> in that "
+"<quote>id_min</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_min</"
+"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:95
+msgid "Default: 10001"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:100
+msgid "ldap_idmap_range_max (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:103
+msgid ""
+"Specifies the upper bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:107
+msgid ""
+"NOTE: This option is different from <quote>id_max</quote> in that "
+"<quote>id_max</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_max</"
+"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:117
+msgid "Default: 2000100000"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:122
+msgid "ldap_idmap_range_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:125
+msgid ""
+"Specifies the number of IDs available for each slice. If the range size "
+"does not divide evenly into the min and max values, it will create as many "
+"complete slices as it can."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:131
+msgid "Default: 200000"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:136
+msgid "ldap_idmap_default_domain_sid (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:139
+msgid ""
+"Specify the domain SID of the default domain. This will guarantee that this "
+"domain will always be assigned to slice zero in the ID map, bypassing the "
+"murmurhash algorithm described above."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:150
+msgid "ldap_idmap_default_domain (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:153
+msgid "Specify the name of the default domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:161
+msgid "ldap_idmap_autorid_compat (boolean)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:164
+msgid ""
+"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
+"winbind's <quote>idmap_autorid</quote> algorithm."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:169
+msgid ""
+"When this option is configured, domains will be allocated starting with "
+"slice zero and increasing monatomically with each additional domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:174
+msgid ""
+"NOTE: This algorithm is non-deterministic (it depends on the order that "
+"users and groups are requested). If this mode is required for compatibility "
+"with machines running winbind, it is recommended to also use the "
+"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
+"least one domain is consistently allocated to slice zero."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-h</option>,<option>--help</option>"
@@ -6783,3 +7388,27 @@ msgid ""
"<emphasis> This is an experimental feature, please use http://fedorahosted."
"org/sssd to report any issues. </emphasis>"
msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/local.xml:2
+msgid "THE LOCAL DOMAIN"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:4
+msgid ""
+"In order to function correctly, a domain with <quote>id_provider=local</"
+"quote> must be created and the SSSD must be running."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:9
+msgid ""
+"The administrator might want to use the SSSD local users instead of "
+"traditional UNIX users in cases where the group nesting (see <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>) is needed. The local users are also useful for testing and "
+"development of the SSSD without having to deploy a full remote server. The "
+"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
+"local LDB storage to store users and groups."
+msgstr ""
diff --git a/src/man/po/es.po b/src/man/po/es.po
index 852cff6f..1b8d0649 100644
--- a/src/man/po/es.po
+++ b/src/man/po/es.po
@@ -11,8 +11,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-03-12 16:37-0300\n"
-"PO-Revision-Date: 2012-03-08 11:52+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0300\n"
+"PO-Revision-Date: 2012-04-20 17:34+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Spanish (Castilian) <trans-es@lists.fedoraproject.org>\n"
"Language: es\n"
@@ -130,18 +130,18 @@ msgstr ""
"<replaceable>GROUPS</replaceable>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:74 sssd.conf.5.xml:1585 sssd-ldap.5.xml:2177
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sssd-ipa.5.xml:581 sssd.8.xml:191 sss_obfuscate.8.xml:103
+#: sss_useradd.8.xml:169 sssd-krb5.5.xml:451 sss_groupadd.8.xml:60
+#: sss_userdel.8.xml:95 sss_groupdel.8.xml:48 sss_groupshow.8.xml:60
+#: sss_usermod.8.xml:140 sss_ssh_authorizedkeys.1.xml:96
#: sss_ssh_knownhostsproxy.1.xml:95
msgid "SEE ALSO"
msgstr "VEA TAMBIEN"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
+#: sss_groupmod.8.xml:76
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -268,7 +268,7 @@ msgid "The [sssd] section"
msgstr "La sección [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1431
msgid "Section parameters"
msgstr "Parámetros de sección"
@@ -302,16 +302,18 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:88
msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
+"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
+"\"with_ssh\">, ssh</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
+#: sssd.conf.5.xml:96 sssd.conf.5.xml:288
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
+#: sssd.conf.5.xml:99 sssd.conf.5.xml:291
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -320,17 +322,17 @@ msgstr ""
"de datos del proveedor, o de reiniciarse antes de abandonar"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
+#: sssd.conf.5.xml:104 sssd.conf.5.xml:296
msgid "Default: 3"
msgstr "Predeterminado: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:109
msgid "domains"
msgstr "dominios"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:112
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -344,12 +346,12 @@ msgstr ""
"consultados."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
+#: sssd.conf.5.xml:122
msgid "re_expression (string)"
msgstr "re_expression (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
+#: sssd.conf.5.xml:125
msgid ""
"Regular expression that describes how to parse the string containing user "
"name and domain into these components."
@@ -358,7 +360,7 @@ msgstr ""
"nombre de usuariosy dominio en estos componentes."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
+#: sssd.conf.5.xml:129
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -369,7 +371,7 @@ msgstr ""
"el nombre, el dominio es el resto detrás de este signo\""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
+#: sssd.conf.5.xml:134
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -377,7 +379,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:141
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -386,12 +388,12 @@ msgstr ""
"soportan la sintaxis Python (?P&lt;name&gt;) para identificar subpatrones."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
+#: sssd.conf.5.xml:148
msgid "full_name_format (string)"
msgstr "full_name_format (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
+#: sssd.conf.5.xml:151
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to translate "
@@ -402,17 +404,17 @@ msgstr ""
"traducir una tupla (nombre, dominio), a un nombre totalmente calificado."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
+#: sssd.conf.5.xml:159
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Predeterminado: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
+#: sssd.conf.5.xml:164
msgid "try_inotify (boolean)"
msgstr "try_inotify (boolean)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
+#: sssd.conf.5.xml:167
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -425,7 +427,7 @@ msgstr ""
"segundos en caso que inotify no pueda ser utilizado."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
+#: sssd.conf.5.xml:175
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -436,7 +438,7 @@ msgstr ""
"'false' "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
+#: sssd.conf.5.xml:181
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -445,7 +447,7 @@ msgstr ""
"en el resto de las plataformas."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:185
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -455,12 +457,12 @@ msgstr ""
"utilizada siempre."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
+#: sssd.conf.5.xml:192
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
+#: sssd.conf.5.xml:195
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -469,19 +471,42 @@ msgstr ""
"reproducción de cache de Kerberos."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
+#: sssd.conf.5.xml:199
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
+#: sssd.conf.5.xml:205
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:212
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "force_timeout (integer)"
+msgstr "timeout (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:215
+msgid ""
+"If a service is not responding to ping checks (see the <quote>timeout</"
+"quote> option), it is first sent the SIGTERM signal that instructs it to "
+"quit gracefully. If the service does not terminate after "
+"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
+"by sending a SIGKILL signal."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:542 sssd.conf.5.xml:690
+#: sssd-ldap.5.xml:1034
+msgid "Default: 60"
+msgstr "Predeterminado: 60"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:63
msgid ""
@@ -494,12 +519,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
+#: sssd.conf.5.xml:234
msgid "SERVICES SECTIONS"
msgstr "SECCIONES DE SERVICIOS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
+#: sssd.conf.5.xml:236
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -512,61 +537,80 @@ msgstr ""
"<quote>[nss]</quote>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
+#: sssd.conf.5.xml:243
msgid "General service configuration options"
msgstr "Opciones de configuración de servicios generales"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
+#: sssd.conf.5.xml:245
msgid "These options can be used to configure any service."
msgstr "Estas opciones pueden usarse para configurar cualquier servicio."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
+#: sssd.conf.5.xml:249
msgid "debug_level (integer)"
msgstr "debug_level (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
+#: sssd.conf.5.xml:253
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
+#: sssd.conf.5.xml:256
msgid "Add a timestamp to the debug messages"
msgstr "Agregar una marca de tiempo a los mensajes de depuración"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:408 sssd.conf.5.xml:793
+#: sssd-ldap.5.xml:1399 sssd-ldap.5.xml:1525 sssd-ipa.5.xml:225
+#: sssd-ipa.5.xml:260
msgid "Default: true"
msgstr "Predeterminado: true"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
+#: sssd.conf.5.xml:264
msgid "debug_microseconds (bool)"
msgstr "debug_microseconds (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
+#: sssd.conf.5.xml:267
msgid "Add microseconds to the timestamp in debug messages"
msgstr "Agregar microsegundos a la marca de tiempo en mensajes de depuración"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:270 sssd.conf.5.xml:740 sssd.conf.5.xml:1368
+#: sssd-ldap.5.xml:620 sssd-ldap.5.xml:1312 sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1468 sssd-ldap.5.xml:1874 sssd-ipa.5.xml:123
+#: sssd-ipa.5.xml:320 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
+#: sssd-krb5.5.xml:418
msgid "Default: false"
msgstr "Predeterminado: false"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
+#: sssd.conf.5.xml:275
+msgid "timeout (integer)"
+msgstr "timeout (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:278
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:283 sssd-ldap.5.xml:1183
+msgid "Default: 10"
+msgstr "Predeterminado: 10"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:301
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:304
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -576,36 +620,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:282
+#: sssd.conf.5.xml:313
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:287
-msgid "command (string)"
-msgstr "command (cadena)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:290
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>. This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr "Predeterminado: <command>sssd_${service_name}</command>"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:306
+#: sssd.conf.5.xml:321
msgid "NSS configuration options"
msgstr "Opciones de configuración de NSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:323
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -613,29 +638,29 @@ msgstr ""
"Switch (NSS)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:313
+#: sssd.conf.5.xml:328
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316
+#: sssd.conf.5.xml:331
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:335
msgid "Default: 120"
msgstr "Predeterminado: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:325
+#: sssd.conf.5.xml:340
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:328
+#: sssd.conf.5.xml:343
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -643,7 +668,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:349
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -653,7 +678,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:359
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -662,17 +687,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:352
+#: sssd.conf.5.xml:367
msgid "Default: 50"
msgstr "Predeterminado: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:372
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:375
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -680,17 +705,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:381 sssd.conf.5.xml:768 sssd-krb5.5.xml:223
msgid "Default: 15"
msgstr "Predeterminado: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:371
+#: sssd.conf.5.xml:386
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:374
+#: sssd.conf.5.xml:389
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -699,78 +724,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:396
msgid "Default: root"
msgstr "Predeterminado: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:401
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:389
+#: sssd.conf.5.xml:404
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398
+#: sssd.conf.5.xml:413
msgid "override_homedir (string)"
msgstr "override_homedir (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:422 sssd-krb5.5.xml:166
msgid "%u"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:167
msgid "login name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:426 sssd-krb5.5.xml:170
msgid "%U"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:412
+#: sssd.conf.5.xml:427
msgid "UID number"
msgstr "número UID"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:430 sssd-krb5.5.xml:188
msgid "%d"
msgstr "%d"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:416
+#: sssd.conf.5.xml:431
msgid "domain name"
msgstr "nombre de dominio"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:419
+#: sssd.conf.5.xml:434
msgid "%f"
msgstr "%f"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:435
msgid "fully qualified user name (user@domain)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:438 sssd-krb5.5.xml:200
msgid "%%"
msgstr "%%"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:439 sssd-krb5.5.xml:201
msgid "a literal '%'"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:401
+#: sssd.conf.5.xml:416
msgid ""
"Override the user's home directory. You can either provide an absolute value "
"or a template. In the template, the following sequences are substituted: "
@@ -778,90 +803,150 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430
+#: sssd.conf.5.xml:445
msgid "This option can also be set per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:450
+#, fuzzy
+#| msgid "mail_dir (string)"
+msgid "fallback_homedir (string)"
+msgstr "mail_dir (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:453
+msgid ""
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:458
+msgid ""
+"The available values for this option are the same as for override_homedir."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:462
+msgid "Default: not set (no substitution for unset home directories)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:468
msgid "allowed_shells (string)"
msgstr "allowed_shells (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:471
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:474
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:478
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:483
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:455
+#: sssd.conf.5.xml:488
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:491
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:462
+#: sssd.conf.5.xml:495
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:500
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:503
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:475
+#: sssd.conf.5.xml:508
msgid "shell_fallback (string)"
msgstr "shell_fallback (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:511
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:515
msgid "Default: /bin/sh"
msgstr "Predeterminado: /bin/sh"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:520
+#, fuzzy
+#| msgid "default_shell (string)"
+msgid "default_shell"
+msgstr "default_shell (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:523
+msgid ""
+"The default shell to use if the provider does not return one during lookup. "
+"This option supercedes any other shell options if it takes effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:528
+msgid ""
+"Default: not set (Return NULL if no shell is specified and rely on libc to "
+"substitute something sensible when necessary, usually /bin/sh)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:535 sssd.conf.5.xml:683
+#, fuzzy
+#| msgid "entry_negative_timeout (integer)"
+msgid "get_domains_timeout (int)"
+msgstr "entry_negative_timeout (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:538 sssd.conf.5.xml:686
+msgid ""
+"Specifies time in seconds for which the list of subdomains will be "
+"considered valid."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:489
+#: sssd.conf.5.xml:549
msgid "PAM configuration options"
msgstr "Opciones de configuración PAM"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:491
+#: sssd.conf.5.xml:551
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -870,48 +955,48 @@ msgstr ""
"Authentication Module (PAM)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:556
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:499
+#: sssd.conf.5.xml:559
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
+#: sssd.conf.5.xml:564 sssd.conf.5.xml:577
msgid "Default: 0 (No limit)"
msgstr "Predeterminado: 0 (Sin límite)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:570
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:513
+#: sssd.conf.5.xml:573
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:523
+#: sssd.conf.5.xml:583
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:586
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:591
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -919,61 +1004,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:597 sssd.conf.5.xml:650 sssd.conf.5.xml:1315
msgid "Default: 5"
msgstr "Predeterminado: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:603
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:606
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:611
msgid "Currently sssd supports the following values:"
msgstr "Actualmente sssd soporta los siguientes valores:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:554
+#: sssd.conf.5.xml:614
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis>: no mostrar ningún mensaje"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:557
+#: sssd.conf.5.xml:617
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis>: mostrar sólo mensajes importantes"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:621
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis>: mostrar mensajes informativos"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:624
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
"<emphasis>3</emphasis>: mostrar todos los mensajes e información de "
"depuración"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:568 sssd.8.xml:63
+#: sssd.conf.5.xml:628 sssd.8.xml:63
msgid "Default: 1"
msgstr "Predeterminado: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:573
+#: sssd.conf.5.xml:633
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:636
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -981,7 +1066,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:642
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -990,45 +1075,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:656
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (entero)"
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:659 sssd.conf.5.xml:972
msgid "Display a warning N days before the password expires."
msgstr "Mostrar una advertencia N días antes que la contraseña caduque."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:662
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
"cannot display a warning."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:668 sssd.conf.5.xml:975
+msgid ""
+"If zero is set, then this filter is not applied, i.e. if the expiration "
+"warning was received from backend server, it will automatically be displayed."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:608
-msgid "Default: 7"
-msgstr "Predeterminado: 7"
+#: sssd.conf.5.xml:673
+msgid ""
+"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
+"emphasis> for a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:678 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Predeterminado: 0"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:616
+#: sssd.conf.5.xml:698
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:618
+#: sssd.conf.5.xml:700
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:707
msgid "sudo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:710
msgid ""
"For any sudo request that comes while SSSD is online, the SSSD will attempt "
"to update the cached rules in order to ensure that sudo has the latest "
@@ -1036,7 +1135,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:716
msgid ""
"The user may, however, run a couple of sudo commands successively, which "
"would trigger multiple LDAP requests. In order to speed up this use-case, "
@@ -1045,64 +1144,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:641
+#: sssd.conf.5.xml:723
msgid ""
"This option controls how long (in seconds) can the sudo service cache rules "
"for a user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:727
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:732
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:735
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:748
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:750
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:676
+#: sssd.conf.5.xml:758
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:761
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
"before asking the back end again."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:776
+#, fuzzy
+#| msgid "NSS configuration options"
+msgid "SSH configuration options"
+msgstr "Opciones de configuración de NSS"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:778
+#, fuzzy
+#| msgid "These options can be used to configure any service."
+msgid "These options can be used to configure the SSH service."
+msgstr "Estas opciones pueden usarse para configurar cualquier servicio."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:786
+msgid "ssh_hash_known_hosts (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:789
+msgid ""
+"Whether or not to hash host names and adresses in the managed known_hosts "
+"file."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:803
msgid "DOMAIN SECTIONS"
msgstr "SECCIONES DE DOMINIO"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:810
msgid "min_id,max_id (integer)"
msgstr "min_id, max_id (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:706
+#: sssd.conf.5.xml:813
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1111,7 +1236,7 @@ msgstr ""
"está fuera de estos límites, ésta es ignorada."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:711
+#: sssd.conf.5.xml:818
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1120,56 +1245,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:825
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Predeterminado: 1 para min_id, 0 (sin límite) para max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
-msgid "timeout (integer)"
-msgstr "timeout (entero)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
-msgid ""
-"Timeout in seconds between heartbeats for this domain. This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr "Predeterminado: 10"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:738
+#: sssd.conf.5.xml:831
msgid "enumerate (bool)"
msgstr "enumerar (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:834
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:745
+#: sssd.conf.5.xml:838
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:841
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
+#: sssd.conf.5.xml:844 sssd.conf.5.xml:949 sssd.conf.5.xml:1031
msgid "Default: FALSE"
msgstr "Predeterminado: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:754
+#: sssd.conf.5.xml:847
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1179,14 +1287,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:764
+#: sssd.conf.5.xml:857
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:862
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1195,12 +1303,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:873
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:876
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -1209,88 +1317,88 @@ msgstr ""
"volver a consultar al backend"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:880
msgid "Default: 5400"
msgstr "Predeterminado: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:886
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796
+#: sssd.conf.5.xml:889
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:893 sssd.conf.5.xml:906 sssd.conf.5.xml:919
+#: sssd.conf.5.xml:932
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:899
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:902
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:819
+#: sssd.conf.5.xml:912
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:915
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:925
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:928
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:938
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:941
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:945
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
"Las credenciales de usuario son almacenadas en un hash SHA512, no en texto "
"plano"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:861
+#: sssd.conf.5.xml:954
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:957
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1299,47 +1407,77 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:964
msgid "Default: 0 (unlimited)"
msgstr "Predeterminado: 0 (ilimitado)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:969
+#, fuzzy
+#| msgid "pam_pwd_expiration_warning (integer)"
+msgid "pwd_expiration_warning (integer)"
+msgstr "pam_pwd_expiration_warning (entero)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:980
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning. Also an auth provider has to be configured for the "
+"backend."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:987
+#, fuzzy
+#| msgid "Default: memberHost"
+msgid "Default: 7 (Kerberos), 0 (LDAP)"
+msgstr "Predeterminado: memberHost"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:993
msgid "id_provider (string)"
msgstr "id_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:880
+#: sssd.conf.5.xml:996
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:1000
msgid "Supported backends:"
msgstr "Backends soportados:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:887
+#: sssd.conf.5.xml:1003
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:890
+#: sssd.conf.5.xml:1006
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:1009
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:899
+#: sssd.conf.5.xml:1015
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:1018
+msgid ""
+"Use the full name and domain (as formatted by the domain's full_name_format) "
+"as the user's login name reported to NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1023
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1348,12 +1486,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:915
+#: sssd.conf.5.xml:1036
msgid "auth_provider (string)"
msgstr "auth_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:918
+#: sssd.conf.5.xml:1039
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -1362,7 +1500,7 @@ msgstr ""
"autenticación soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:1043
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1370,7 +1508,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:929
+#: sssd.conf.5.xml:1050
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1378,30 +1516,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:1057
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1060
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1063
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:1069
msgid "access_provider (string)"
msgstr "access_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:951
+#: sssd.conf.5.xml:1072
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1409,17 +1547,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
-msgid "<quote>permit</quote> always allow access."
-msgstr "<quote>permit</quote> siempre permitir el acceso."
+#: sssd.conf.5.xml:1078
+msgid ""
+"<quote>permit</quote> always allow access. It's the only permitted access "
+"provider for a local domain."
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:960
+#: sssd.conf.5.xml:1081
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> siempre niega el acceso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1084
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1428,24 +1568,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1091
msgid "Default: <quote>permit</quote>"
msgstr "Predeterminado: <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1096
msgid "chpass_provider (string)"
msgstr "chpass_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:978
+#: sssd.conf.5.xml:1099
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1104
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1453,7 +1593,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:991
+#: sssd.conf.5.xml:1112
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1465,7 +1605,7 @@ msgstr ""
"configurar LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1120
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1476,36 +1616,36 @@ msgstr ""
"citerefentry> para más información sobre configurar Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1007
+#: sssd.conf.5.xml:1128
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1011
+#: sssd.conf.5.xml:1132
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
"<quote>none</quote> deniega explícitamente los cambios en la contraseña."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1135
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1142
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1148
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1031
+#: sssd.conf.5.xml:1152
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1513,29 +1653,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1159
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1041
+#: sssd.conf.5.xml:1162 sssd.conf.5.xml:1246 sssd.conf.5.xml:1271
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1047
+#: sssd.conf.5.xml:1168
msgid "session_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1171
msgid ""
"The provider which should handle loading of session settings. Supported "
"session providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1055
+#: sssd.conf.5.xml:1176
msgid ""
"<quote>ipa</quote> to load session settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1543,66 +1683,167 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1184
msgid "<quote>none</quote> disallows fetching session settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1187
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"session loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1193
+#, fuzzy
+#| msgid "id_provider (string)"
+msgid "subdomains_provider (string)"
+msgstr "id_provider (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1196
+msgid ""
+"The provider which should handle fetching of subdomains. This value should "
+"be always the same as id_provider. Supported subdomain providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1201
+#, fuzzy
+#| msgid ""
+#| "<quote>ldap</quote> to change a password stored in a LDAP server. See "
+#| "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> for more information on configuring LDAP."
+msgid ""
+"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+"<quote>ldap</quote> para cambiar una contraseña almacenada en un servidor "
+"LDAP. Vea <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> para más información sobre "
+"configurar LDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1209
+#, fuzzy
+#| msgid "<quote>none</quote> disallows password changes explicitly."
+msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+msgstr ""
+"<quote>none</quote> deniega explícitamente los cambios en la contraseña."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1212 sssd-ldap.5.xml:1499
+msgid "Default: none"
+msgstr "Predeterminado: none"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1218
+msgid "autofs_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1224
+msgid ""
+"The autofs provider used for the domain. Supported autofs providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1228
+msgid ""
+"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1235
+msgid ""
+"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1243
+msgid "<quote>none</quote> disables autofs explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1253
+msgid "hostid_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1256
+msgid ""
+"The provider used for retrieving host identity information. Supported "
+"hostid providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1260
+msgid ""
+"<quote>ipa</quote> to load host identity stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1268
+msgid "<quote>none</quote> disables hostid explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1278
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1076
+#: sssd.conf.5.xml:1281
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1285
msgid "Supported values:"
msgstr "Valores soportados:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1083
+#: sssd.conf.5.xml:1288
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr "ipv4_first: Intenta buscar dirección IPv4, si falla, intenta IPv6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1291
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr "ipv4_only: Sólo intenta resolver nombres de host a direccones IPv4."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1294
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr "ipv6_first: Intenta buscar dirección IPv6, si falla, intenta IPv4"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1092
+#: sssd.conf.5.xml:1297
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr "ipv6_only: Sólo intenta resolver nombres de host a direccones IPv6."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1095
+#: sssd.conf.5.xml:1300
msgid "Default: ipv4_first"
msgstr "Predeterminado: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1306
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1104
+#: sssd.conf.5.xml:1309
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1610,52 +1851,86 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1321
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1324
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1328
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
"Predeterminado: Utilizar la parte del dominio del nombre de host del equipo"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1334
msgid "override_gid (integer)"
msgstr "override_gid (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1337
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1138
+#: sssd.conf.5.xml:1343
msgid "case_sensitive (boolean)"
msgstr "case_sensitive (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1346
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1351
msgid "Default: True"
msgstr "Predeterminado: True"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1357
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1360
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1374
+#, fuzzy
+#| msgid "override_homedir (string)"
+msgid "subdomain_homedir (string)"
+msgstr "override_homedir (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1377
+msgid ""
+"Use this homedir as default value for all subdomains within this domain. See "
+"<emphasis>override_homedir</emphasis> for info about possible values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1382
+msgid ""
+"The value can be overridden by <emphasis>override_homedir</emphasis> option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:805
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1663,29 +1938,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1395
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1398
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1401
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1409
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1412
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1693,7 +1968,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1154
+#: sssd.conf.5.xml:1391
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -1702,12 +1977,12 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1187
+#: sssd.conf.5.xml:1424
msgid "The local domain section"
msgstr "La sección de dominio local"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1426
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1718,29 +1993,29 @@ msgstr ""
"utiliza <replaceable>id_provider=local</replaceable>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1433
msgid "default_shell (string)"
msgstr "default_shell (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1436
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
"El shell predeterminado para los usuarios creados con herramientas de "
"espacio de usuario SSSD."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1440
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Predeterminado: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1445
msgid "base_directory (string)"
msgstr "base_directory (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211
+#: sssd.conf.5.xml:1448
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -1750,46 +2025,46 @@ msgstr ""
"de inicio."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1453
msgid "Default: <filename>/home</filename>"
msgstr "Predeterminado: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1221
+#: sssd.conf.5.xml:1458
msgid "create_homedir (bool)"
msgstr "create_homedir (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1224
+#: sssd.conf.5.xml:1461
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
+#: sssd.conf.5.xml:1465 sssd.conf.5.xml:1477
msgid "Default: TRUE"
msgstr "Predeterminado: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1470
msgid "remove_homedir (bool)"
msgstr "remove_homedir (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1473
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1245
+#: sssd.conf.5.xml:1482
msgid "homedir_umask (integer)"
msgstr "homedir_umask (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1248
+#: sssd.conf.5.xml:1485
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1800,17 +2075,17 @@ msgstr ""
"predeterminados en un directorio de inicio recién creado."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1256
+#: sssd.conf.5.xml:1493
msgid "Default: 077"
msgstr "Predeterminado: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1498
msgid "skel_dir (string)"
msgstr "skel_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1501
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1823,17 +2098,17 @@ msgstr ""
"<manvolnum>8</manvolnum></citerefentry>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1274
+#: sssd.conf.5.xml:1511
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Predeterminado: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1516
msgid "mail_dir (string)"
msgstr "mail_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1519
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1841,17 +2116,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1289
+#: sssd.conf.5.xml:1526
msgid "Default: <filename>/var/mail</filename>"
msgstr "Predeterminado: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1531
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1297
+#: sssd.conf.5.xml:1534
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1859,18 +2134,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1540
msgid "Default: None, no command is run"
msgstr "Predeterminado: None, no se ejecuta comando"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1550 sssd-ldap.5.xml:2145 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:563 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr "EJEMPLO"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1319
+#: sssd.conf.5.xml:1556
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1924,7 +2199,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1552
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1933,7 +2208,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1587
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -2152,204 +2427,228 @@ msgstr "ldap_schema (cadena)"
msgid ""
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
-"may vary. The way that some attributes are handled may also differ. Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
+"may vary. The way that some attributes are handled may also differ. Four "
+"schema types are currently supported: rfc2307 rfc2307bis IPA AD The main "
"difference between these schema types is how group memberships are recorded "
"in the server. With rfc2307, group members are listed by name in the "
"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
+"attribute. The AD schema type sets the attributes to correspond with Active "
+"Directory 2008r2 values."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
+#: sssd-ldap.5.xml:183
msgid "Default: rfc2307"
msgstr "Predeterminado: rfc2307"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
+#: sssd-ldap.5.xml:189
msgid "ldap_default_bind_dn (string)"
msgstr "ldap_default_bind_dn (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
+#: sssd-ldap.5.xml:192
msgid "The default bind DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
+#: sssd-ldap.5.xml:199
msgid "ldap_default_authtok_type (string)"
msgstr "ldap_default_authtok_type (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
+#: sssd-ldap.5.xml:202
msgid "The type of the authentication token of the default bind DN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
+#: sssd-ldap.5.xml:206
msgid "The two mechanisms currently supported are:"
msgstr "Los dos mecanismos actualmente soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
+#: sssd-ldap.5.xml:209
msgid "password"
msgstr "contraseña"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
+#: sssd-ldap.5.xml:212
msgid "obfuscated_password"
msgstr "obfuscated_password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
+#: sssd-ldap.5.xml:215
msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
+#: sssd-ldap.5.xml:221
msgid "ldap_default_authtok (string)"
msgstr "ldap_default_authtok (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
+#: sssd-ldap.5.xml:224
msgid ""
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
+#: sssd-ldap.5.xml:231
msgid "ldap_user_object_class (string)"
msgstr "ldap_user_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
+#: sssd-ldap.5.xml:234
msgid "The object class of a user entry in LDAP."
msgstr "La clase de objeto de una entrada de usuario en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
+#: sssd-ldap.5.xml:237
msgid "Default: posixAccount"
msgstr "Predeterminado: posixAccount"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
+#: sssd-ldap.5.xml:243
msgid "ldap_user_name (string)"
msgstr "ldap_user_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
+#: sssd-ldap.5.xml:246
msgid "The LDAP attribute that corresponds to the user's login name."
msgstr ""
"El atributo LDAP que corresponde al nombre de inicio de sesión del usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
+#: sssd-ldap.5.xml:250
msgid "Default: uid"
msgstr "Predeterminado: uid"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
+#: sssd-ldap.5.xml:256
msgid "ldap_user_uid_number (string)"
msgstr "ldap_user_uid_number (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
+#: sssd-ldap.5.xml:259
msgid "The LDAP attribute that corresponds to the user's id."
msgstr "El atributo LDAP que corresponde al id de usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
+#: sssd-ldap.5.xml:263
msgid "Default: uidNumber"
msgstr "Predeterminado: uidNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
+#: sssd-ldap.5.xml:269
msgid "ldap_user_gid_number (string)"
msgstr "ldap_user_gid_number (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
+#: sssd-ldap.5.xml:272
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr "El atributo LDAP que corresponde al id del grupo primario del usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
+#: sssd-ldap.5.xml:276 sssd-ldap.5.xml:758
msgid "Default: gidNumber"
msgstr "Predeterminado: gidNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
+#: sssd-ldap.5.xml:282
msgid "ldap_user_gecos (string)"
msgstr "ldap_user_gecos (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
+#: sssd-ldap.5.xml:285
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr "El atributo LDAP que corresponde al campo de gecos del usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
+#: sssd-ldap.5.xml:289
msgid "Default: gecos"
msgstr "Predeterminado: gecos"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
+#: sssd-ldap.5.xml:295
msgid "ldap_user_home_directory (string)"
msgstr "ldap_user_home_directory (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
+#: sssd-ldap.5.xml:298
msgid "The LDAP attribute that contains the name of the user's home directory."
msgstr ""
"El atributo LDAP que contiene el nombre del directorio principal del usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
+#: sssd-ldap.5.xml:302
msgid "Default: homeDirectory"
msgstr "Predeterminado: homeDirectory"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
+#: sssd-ldap.5.xml:308
msgid "ldap_user_shell (string)"
msgstr "ldap_user_shell (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
+#: sssd-ldap.5.xml:311
msgid "The LDAP attribute that contains the path to the user's default shell."
msgstr ""
"El atributo LDAP que contiene la ruta de acceso a la shell predeterminada "
"del usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
+#: sssd-ldap.5.xml:315
msgid "Default: loginShell"
msgstr "Predeterminado: loginShell"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
+#: sssd-ldap.5.xml:321
msgid "ldap_user_uuid (string)"
msgstr "ldap_user_uuid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
+#: sssd-ldap.5.xml:324
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
"El atributo LDAP que contiene el GUID/UUID de un objeto de usuario LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
+#: sssd-ldap.5.xml:328 sssd-ldap.5.xml:784 sssd-ldap.5.xml:911
msgid "Default: nsUniqueId"
msgstr "Predeterminado: nsUniqueId"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
+#: sssd-ldap.5.xml:334
+#, fuzzy
+#| msgid "ldap_user_object_class (string)"
+msgid "ldap_user_objectsid (string)"
+msgstr "ldap_user_object_class (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:337
+#, fuzzy
+#| msgid ""
+#| "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP user object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+"El atributo LDAP que contiene el GUID/UUID de un objeto de usuario LDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:342 sssd-ldap.5.xml:798
+msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:349
msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
+#: sssd-ldap.5.xml:352 sssd-ldap.5.xml:808 sssd-ldap.5.xml:920
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
@@ -2358,17 +2657,17 @@ msgstr ""
"objeto primario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
+#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:812 sssd-ldap.5.xml:927
msgid "Default: modifyTimestamp"
msgstr "Predeterminado: modifyTimestamp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
+#: sssd-ldap.5.xml:362
msgid "ldap_user_shadow_last_change (string)"
msgstr "ldap_user_shadow_last_change (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
+#: sssd-ldap.5.xml:365
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2377,17 +2676,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
+#: sssd-ldap.5.xml:375
msgid "Default: shadowLastChange"
msgstr "Predeterminado: shadowLastChange"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
+#: sssd-ldap.5.xml:381
msgid "ldap_user_shadow_min (string)"
msgstr "ldap_user_shadow_min (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
+#: sssd-ldap.5.xml:384
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2396,17 +2695,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
+#: sssd-ldap.5.xml:393
msgid "Default: shadowMin"
msgstr "Predeterminado: shadowMin"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
+#: sssd-ldap.5.xml:399
msgid "ldap_user_shadow_max (string)"
msgstr "ldap_user_shadow_max (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
+#: sssd-ldap.5.xml:402
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2415,17 +2714,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
+#: sssd-ldap.5.xml:411
msgid "Default: shadowMax"
msgstr "Predeterminado: shadowMax"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
+#: sssd-ldap.5.xml:417
msgid "ldap_user_shadow_warning (string)"
msgstr "ldap_user_shadow_warning (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
+#: sssd-ldap.5.xml:420
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2434,17 +2733,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
+#: sssd-ldap.5.xml:430
msgid "Default: shadowWarning"
msgstr "Predeterminado: shadowWarning"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
+#: sssd-ldap.5.xml:436
msgid "ldap_user_shadow_inactive (string)"
msgstr "ldap_user_shadow_inactive (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
+#: sssd-ldap.5.xml:439
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2453,17 +2752,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
+#: sssd-ldap.5.xml:449
msgid "Default: shadowInactive"
msgstr "Predeterminado: shadowInactive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
+#: sssd-ldap.5.xml:455
msgid "ldap_user_shadow_expire (string)"
msgstr "ldap_user_shadow_expire (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
+#: sssd-ldap.5.xml:458
msgid ""
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
"parameter contains the name of an LDAP attribute corresponding to its "
@@ -2472,17 +2771,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
+#: sssd-ldap.5.xml:468
msgid "Default: shadowExpire"
msgstr "Predeterminado: shadowExpire"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
+#: sssd-ldap.5.xml:474
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr "ldap_user_krb_last_pwd_change (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
+#: sssd-ldap.5.xml:477
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
@@ -2490,158 +2789,158 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
+#: sssd-ldap.5.xml:483
msgid "Default: krbLastPwdChange"
msgstr "Predeterminado: krbLastPwdChange"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
+#: sssd-ldap.5.xml:489
msgid "ldap_user_krb_password_expiration (string)"
msgstr "ldap_user_krb_password_expiration (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
+#: sssd-ldap.5.xml:492
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
+#: sssd-ldap.5.xml:498
msgid "Default: krbPasswordExpiration"
msgstr "Predeterminado: krbPasswordExpiration"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
+#: sssd-ldap.5.xml:504
msgid "ldap_user_ad_account_expires (string)"
msgstr "ldap_user_ad_account_expires (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
+#: sssd-ldap.5.xml:507
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
+#: sssd-ldap.5.xml:512
msgid "Default: accountExpires"
msgstr "Predeterminado: accountExpires"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
+#: sssd-ldap.5.xml:518
msgid "ldap_user_ad_user_account_control (string)"
msgstr "ldap_user_ad_user_account_control (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
+#: sssd-ldap.5.xml:521
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
+#: sssd-ldap.5.xml:526
msgid "Default: userAccountControl"
msgstr "Predeterminado: userAccountControl"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
+#: sssd-ldap.5.xml:532
msgid "ldap_ns_account_lock (string)"
msgstr "ldap_ns_account_lock (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
+#: sssd-ldap.5.xml:535
msgid ""
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
+#: sssd-ldap.5.xml:540
msgid "Default: nsAccountLock"
msgstr "Predeterminado: nsAccountLock"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
+#: sssd-ldap.5.xml:546
msgid "ldap_user_nds_login_disabled (string)"
msgstr "ldap_user_nds_login_disabled (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
+#: sssd-ldap.5.xml:549
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines if "
"access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
+#: sssd-ldap.5.xml:553 sssd-ldap.5.xml:567
msgid "Default: loginDisabled"
msgstr "Predeterminado: loginDisabled"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
+#: sssd-ldap.5.xml:559
msgid "ldap_user_nds_login_expiration_time (string)"
msgstr "ldap_user_nds_login_expiration_time (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
+#: sssd-ldap.5.xml:562
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines until "
"which date access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
+#: sssd-ldap.5.xml:573
msgid "ldap_user_nds_login_allowed_time_map (string)"
msgstr "ldap_user_nds_login_allowed_time_map (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
+#: sssd-ldap.5.xml:576
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines the "
"hours of a day in a week when access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
+#: sssd-ldap.5.xml:581
msgid "Default: loginAllowedTimeMap"
msgstr "Predeterminado: loginAllowedTimeMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
+#: sssd-ldap.5.xml:587
msgid "ldap_user_principal (string)"
msgstr "ldap_user_principal (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
+#: sssd-ldap.5.xml:590
msgid ""
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"(UPN)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
+#: sssd-ldap.5.xml:594
msgid "Default: krbPrincipalName"
msgstr "Predeterminado: krbPrincipalName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
+#: sssd-ldap.5.xml:600
msgid "ldap_user_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
+#: sssd-ldap.5.xml:603
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
+#: sssd-ldap.5.xml:610
msgid "ldap_force_upper_case_realm (boolean)"
msgstr "ldap_force_upper_case_realm (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
+#: sssd-ldap.5.xml:613
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -2650,29 +2949,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
+#: sssd-ldap.5.xml:626
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr "ldap_enumeration_refresh_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
+#: sssd-ldap.5.xml:629
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:634 sssd-ldap.5.xml:1887
msgid "Default: 300"
msgstr "Predeterminado: 300"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
+#: sssd-ldap.5.xml:640
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
+#: sssd-ldap.5.xml:643
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -2680,56 +2979,56 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
+#: sssd-ldap.5.xml:649
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
"Establecer esta opción en cero desactivará la operación de limpieza de la "
"caché."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
+#: sssd-ldap.5.xml:653
msgid "Default: 10800 (12 hours)"
msgstr "Predeterminado: 10800 (12 horas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
+#: sssd-ldap.5.xml:659
msgid "ldap_user_fullname (string)"
msgstr "ldap_user_fullname (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
+#: sssd-ldap.5.xml:662
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "El atributo LDAP que corresponde al nombre completo del usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
+#: sssd-ldap.5.xml:666 sssd-ldap.5.xml:745 sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:952 sssd-ldap.5.xml:1742 sssd-ldap.5.xml:1960
+#: sssd-ipa.5.xml:441
msgid "Default: cn"
msgstr "Predeterminado: cn"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
+#: sssd-ldap.5.xml:672
msgid "ldap_user_member_of (string)"
msgstr "ldap_user_member_of (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
+#: sssd-ldap.5.xml:675
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
+#: sssd-ldap.5.xml:679 sssd-ipa.5.xml:345
msgid "Default: memberOf"
msgstr "Predeterminado: memberOf"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
+#: sssd-ldap.5.xml:685
msgid "ldap_user_authorized_service (string)"
msgstr "ldap_user_authorized_service (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
+#: sssd-ldap.5.xml:688
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -2737,24 +3036,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
+#: sssd-ldap.5.xml:695
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:700
msgid "Default: authorizedService"
msgstr "Predeterminado: iluminada"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
+#: sssd-ldap.5.xml:706
msgid "ldap_user_authorized_host (string)"
msgstr "ldap_user_authorized_host (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
+#: sssd-ldap.5.xml:709
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -2762,89 +3061,106 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
+#: sssd-ldap.5.xml:715
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
+#: sssd-ldap.5.xml:720
msgid "Default: host"
msgstr "Default: host"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:726
msgid "ldap_group_object_class (string)"
msgstr "ldap_group_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
+#: sssd-ldap.5.xml:729
msgid "The object class of a group entry in LDAP."
msgstr "La clase de objeto de una entrada de grupo LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
+#: sssd-ldap.5.xml:732
msgid "Default: posixGroup"
msgstr "Por defecto: posixGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:738
msgid "ldap_group_name (string)"
msgstr "ldap_group_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
+#: sssd-ldap.5.xml:741
msgid "The LDAP attribute that corresponds to the group name."
msgstr "El atributo LDAP que corresponde al nombre de grupo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:751
msgid "ldap_group_gid_number (string)"
msgstr "ldap_group_gid_number (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:754
msgid "The LDAP attribute that corresponds to the group's id."
msgstr "El atributo LDAP que corresponde al id del grupo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
+#: sssd-ldap.5.xml:764
msgid "ldap_group_member (string)"
msgstr "ldap_group_member (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
+#: sssd-ldap.5.xml:767
msgid "The LDAP attribute that contains the names of the group's members."
msgstr "El atributo LDAP que contiene los nombres de los miembros del grupo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
+#: sssd-ldap.5.xml:771
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr "Valor predeterminado: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
+#: sssd-ldap.5.xml:777
msgid "ldap_group_uuid (string)"
msgstr "ldap_group_uuid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:780
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr "El atributo LDAP que contiene el UUID/GUID de un objeto de grupo LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:790
+#, fuzzy
+#| msgid "ldap_group_object_class (string)"
+msgid "ldap_group_objectsid (string)"
+msgstr "ldap_group_object_class (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:793
+#, fuzzy
+#| msgid ""
+#| "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP group object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr "El atributo LDAP que contiene el UUID/GUID de un objeto de grupo LDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:805
msgid "ldap_group_modify_timestamp (string)"
msgstr "ldap_group_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:818
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:821
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -2852,198 +3168,198 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
+#: sssd-ldap.5.xml:828
msgid "Default: 2"
msgstr "Predeterminado: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:834
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
+#: sssd-ldap.5.xml:837
msgid "The object class of a netgroup entry in LDAP."
msgstr "La clase de objeto de una entrada netgroup en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
+#: sssd-ldap.5.xml:840
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:844
msgid "Default: nisNetgroup"
msgstr "Predeterminado: nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
+#: sssd-ldap.5.xml:850
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
+#: sssd-ldap.5.xml:853
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "El atributo LDAP que corresponde al nombre del netgroup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:857
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
+#: sssd-ldap.5.xml:867
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
+#: sssd-ldap.5.xml:870
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
+#: sssd-ldap.5.xml:874
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:878
msgid "Default: memberNisNetgroup"
msgstr "Predeterminado: memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:884
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:887
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
+#: sssd-ldap.5.xml:891 sssd-ldap.5.xml:924
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:894
msgid "Default: nisNetgroupTriple"
msgstr "Predeterminado: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
+#: sssd-ldap.5.xml:900
msgid "ldap_netgroup_uuid (string)"
msgstr "ldap_netgroup_uuid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
+#: sssd-ldap.5.xml:903
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
+#: sssd-ldap.5.xml:907
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
+#: sssd-ldap.5.xml:917
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:933
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:936
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:939
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:945
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:948
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
+#: sssd-ldap.5.xml:958
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
+#: sssd-ldap.5.xml:961
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
+#: sssd-ldap.5.xml:965
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
+#: sssd-ldap.5.xml:971
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:974
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
+#: sssd-ldap.5.xml:978
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
+#: sssd-ldap.5.xml:984
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:987
msgid "An optional base DN to restrict service searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
+#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1997 sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2035 sssd-ldap.5.xml:2098 sssd-ldap.5.xml:2120
+#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 sssd-ipa.5.xml:206
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
+#: sssd-ldap.5.xml:996 sssd-ldap.5.xml:2002 sssd-ldap.5.xml:2021
+#: sssd-ldap.5.xml:2040 sssd-ldap.5.xml:2103 sssd-ldap.5.xml:2125
#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr "Predeterminado: el valor de <emphasis>ldap_search_base</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
+#: sssd-ldap.5.xml:1003
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1006
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -3051,7 +3367,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
+#: sssd-ldap.5.xml:1012
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -3059,35 +3375,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
+#: sssd-ldap.5.xml:1018 sssd-ldap.5.xml:1060 sssd-ldap.5.xml:1075
msgid "Default: 6"
msgstr "Predeterminado: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1024
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1027
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
"are returned (and offline mode is entered)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr "Predeterminado: 60"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1040
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1043
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -3098,12 +3409,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
+#: sssd-ldap.5.xml:1066
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
+#: sssd-ldap.5.xml:1069
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3111,12 +3422,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1081
msgid "ldap_connection_expire_timeout (integer)"
msgstr "ldap_connection_expire_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1084
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -3125,34 +3436,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
+#: sssd-ldap.5.xml:1092
msgid "Default: 900 (15 minutes)"
msgstr "Predeterminado: 900 (15 minutos)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1098
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
+#: sssd-ldap.5.xml:1101
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1106
msgid "Default: 1000"
msgstr "Predeterminado: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
+#: sssd-ldap.5.xml:1112
+msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1115
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -3160,27 +3471,50 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
+#: sssd-ldap.5.xml:1121
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1127
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
"requests being denied."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133 include/ldap_id_mapping.xml:184
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1139
+msgid "ldap_sasl_minssf (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1142
+msgid ""
+"When communicating with an LDAP server using SASL, specify the minimum "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1148
+msgid "Default: Use the system default (usually specified by ldap.conf)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1155
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_deref_threshold (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1158
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3188,13 +3522,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1164
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1168
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3203,7 +3537,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
+#: sssd-ldap.5.xml:1176
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3211,26 +3545,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1189
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
+#: sssd-ldap.5.xml:1192
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1198
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
+#: sssd-ldap.5.xml:1202
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3238,7 +3572,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1209
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3246,7 +3580,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1215
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3254,41 +3588,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1221
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1225
msgid "Default: hard"
msgstr "Predeterminado: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
+#: sssd-ldap.5.xml:1231
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
+#: sssd-ldap.5.xml:1234
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
+#: sssd-ldap.5.xml:1239 sssd-ldap.5.xml:1257 sssd-ldap.5.xml:1298
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1246
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1249
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3297,38 +3631,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1264
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1267
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1271 sssd-ldap.5.xml:1283 sssd-ldap.5.xml:1344
+#: sssd-ldap.5.xml:2058 sssd-ldap.5.xml:2085 sssd-krb5.5.xml:359
+#: include/ldap_id_mapping.xml:145 include/ldap_id_mapping.xml:156
msgid "Default: not set"
msgstr "Predeterminado: no definido"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1277
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1280
msgid "Specifies the file that contains the client's key."
msgstr "Especifica el archivo que contiene la clave del cliente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
+#: sssd-ldap.5.xml:1289
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
+#: sssd-ldap.5.xml:1292
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3336,24 +3671,44 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1305
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1308
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1318
+#, fuzzy
+#| msgid "ldap_referrals (boolean)"
+msgid "ldap_id_mapping (boolean)"
+msgstr "ldap_referrals (boolean)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1321
+msgid ""
+"Specifies that SSSD should attempt to map user and group IDs from the "
+"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
+"on ldap_user_uid_number and ldap_group_gid_number."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1327
+msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1337
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1340
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -3361,67 +3716,62 @@ msgstr ""
"Especifica el mecanismo SASL a emplear. Actualmente sólo GSSAPI está "
"probado y soportado."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr "Predeterminado: none"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1350
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
+#: sssd-ldap.5.xml:1353
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
+#: sssd-ldap.5.xml:1358
msgid "Default: host/machine.fqdn@REALM"
msgstr "Predeterminado: host/machine.fqdn@REALM"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1364
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
+#: sssd-ldap.5.xml:1367
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
+#: sssd-ldap.5.xml:1372
msgid "Default: false;"
msgstr "Predeterminado: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1378
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
+#: sssd-ldap.5.xml:1381
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1384
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
+#: sssd-ldap.5.xml:1390
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
+#: sssd-ldap.5.xml:1393
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3429,27 +3779,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1405
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1408
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
+#: sssd-ldap.5.xml:1412
msgid "Default: 86400 (24 hours)"
msgstr "Predeterminado: 86400 (24 horas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1418 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr "krb5_server (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1421 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -3461,7 +3811,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1433 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -3469,7 +3819,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1438 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -3477,41 +3827,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1447 sssd-ipa.5.xml:235 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1450
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
+#: sssd-ldap.5.xml:1453
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
"Predeterminado: Predeterminados del sistema, vea <filename>/etc/krb5.conf</"
"filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1459 sssd-ipa.5.xml:250 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1462
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
+#: sssd-ldap.5.xml:1474
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
+#: sssd-ldap.5.xml:1477
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -3520,14 +3870,14 @@ msgstr ""
"del cliente. Los siguientes valores son permitidos:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1482
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
+#: sssd-ldap.5.xml:1487
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -3535,7 +3885,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
+#: sssd-ldap.5.xml:1493
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -3543,46 +3893,55 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1505
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1508
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
+#: sssd-ldap.5.xml:1512
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1517
+msgid ""
+"Chasing referrals may incur a performance penalty in environments that use "
+"them heavily, a notable example is Microsoft Active Directory. If your setup "
+"does not in fact require the use of referrals, setting this option to false "
+"might bring a noticeable performance improvement."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1531
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1534
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"Especifica el nombre del servicio para utilizar cuando está habilitado el "
"servicio de descubrimiento."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1538
msgid "Default: ldap"
msgstr "Predeterminado: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1544
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
+#: sssd-ldap.5.xml:1547
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
@@ -3592,32 +3951,32 @@ msgstr ""
"descubrimiento."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1552
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
+#: sssd-ldap.5.xml:1558
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1561
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
+"it will result in all users being denied access. Use access_provider = "
+"permit to change this default behavior."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:1571 sssd-ldap.5.xml:2061
msgid "Example:"
msgstr "Ejemplo:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
+#: sssd-ldap.5.xml:1574
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3629,14 +3988,14 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1578
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
+#: sssd-ldap.5.xml:1583
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3645,24 +4004,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1591 sssd-ldap.5.xml:1641
msgid "Default: Empty"
msgstr "Predeterminado: vacío"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1597
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1600
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1604
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3670,19 +4029,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1611
msgid "The following values are allowed:"
msgstr "Los siguientes valores están permitidos:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1614
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1619
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3691,7 +4050,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1626
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3699,7 +4058,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
+#: sssd-ldap.5.xml:1632
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3708,29 +4067,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
+#: sssd-ldap.5.xml:1647
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
+#: sssd-ldap.5.xml:1650
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"Lista separada por coma de opciones de control de acceso. Los valores "
"permitidos son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1654
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filtro</emphasis>: utilizar ldap_access_filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1657
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr "<emphasis>caducar</emphasis>: utilizar ldap_account_expire_policy"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1661
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -3739,17 +4098,17 @@ msgstr ""
"autorizedService para determinar el acceso"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
+#: sssd-ldap.5.xml:1666
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1670
msgid "Default: filter"
msgstr "Predeterminado: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1673
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
@@ -3758,45 +4117,45 @@ msgstr ""
"una vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1680
msgid "ldap_deref (string)"
msgstr "ldap_deref (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
+#: sssd-ldap.5.xml:1683
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1688
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1692
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1697
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1702
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1707
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3813,212 +4172,212 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1718
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1723
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
+#: sssd-ldap.5.xml:1726
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1729
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1735
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1738
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1748
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1751
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
+#: sssd-ldap.5.xml:1755
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
+#: sssd-ldap.5.xml:1761
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
+#: sssd-ldap.5.xml:1764
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
+#: sssd-ldap.5.xml:1769
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1775
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
+#: sssd-ldap.5.xml:1778
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
+#: sssd-ldap.5.xml:1782
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1788
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
+#: sssd-ldap.5.xml:1791
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
+#: sssd-ldap.5.xml:1795
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
+#: sssd-ldap.5.xml:1801
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1804
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
+#: sssd-ldap.5.xml:1808
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
+#: sssd-ldap.5.xml:1814
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
+#: sssd-ldap.5.xml:1817
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
+#: sssd-ldap.5.xml:1821
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
+#: sssd-ldap.5.xml:1827
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
+#: sssd-ldap.5.xml:1830
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1834
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
+#: sssd-ldap.5.xml:1840
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
+#: sssd-ldap.5.xml:1843
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1848
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1854
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1857
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
+#: sssd-ldap.5.xml:1861
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1867
msgid "ldap_sudo_refresh_enabled (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1870
msgid ""
"Enables periodical download of all sudo rules. The cache is purged before "
"each update."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1880
msgid "ldap_sudo_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
+#: sssd-ldap.5.xml:1883
msgid ""
"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1721
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1894
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -4027,76 +4386,76 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1904
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
+#: sssd-ldap.5.xml:1906
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1913
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1916 sssd-ldap.5.xml:1942
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1919 sssd-ldap.5.xml:1946
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
+#: sssd-ldap.5.xml:1926
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
+#: sssd-ldap.5.xml:1929
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
+#: sssd-ldap.5.xml:1932
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1939
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1953
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
+#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:1970
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1967
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1974
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1911
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -4105,62 +4464,62 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
+#: sssd-ldap.5.xml:1983
msgid "ADVANCED OPTIONS"
msgstr "OPCIONES AVANZADAS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
+#: sssd-ldap.5.xml:1990
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
+#: sssd-ldap.5.xml:1993
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:2009
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
+#: sssd-ldap.5.xml:2012
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
+#: sssd-ldap.5.xml:2028
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:2031
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:2047
msgid "ldap_user_search_filter (string)"
msgstr "ldap_user_search_filter (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
+#: sssd-ldap.5.xml:2050
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
+#: sssd-ldap.5.xml:2054
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2064
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -4170,55 +4529,55 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
+#: sssd-ldap.5.xml:2067
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2074
msgid "ldap_group_search_filter (string)"
msgstr "ldap_group_search_filter (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
+#: sssd-ldap.5.xml:2077
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2081
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2091
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2094
msgid ""
"An optional base DN to restrict sudo rules searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
+#: sssd-ldap.5.xml:2113
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
+#: sssd-ldap.5.xml:2116
msgid ""
"An optional base DN to restrict automounter searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1985
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4226,7 +4585,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2147
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4234,7 +4593,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
+#: sssd-ldap.5.xml:2153
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4255,19 +4614,19 @@ msgstr ""
" cache_credentials = true\n"
" enumerate = true\n"
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
+#. type: Content of: <refsect1><refsect2><para>
+#: sssd-ldap.5.xml:2152 sssd-simple.5.xml:134 sssd-ipa.5.xml:571
+#: sssd-krb5.5.xml:441 include/ldap_id_mapping.xml:63
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:2166 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr "NOTAS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
+#: sssd-ldap.5.xml:2168
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4276,7 +4635,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
+#: sssd-ldap.5.xml:2179
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -4822,40 +5181,59 @@ msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:199
+#, fuzzy
+#| msgid "ipa_hbac_search_base (string)"
+msgid "ipa_subdomains_search_base (string)"
+msgstr "ipa_hbac_search_base (cadena)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:202
+msgid "Optional. Use the given string as search base for trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+#, fuzzy
+#| msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
+msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgstr "Predeterminado: el valor de <emphasis>ldap_search_base</emphasis>"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:218 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:221 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
+#: sssd-ipa.5.xml:228
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
+#: sssd-ipa.5.xml:238
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:242
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
+#: sssd-ipa.5.xml:253
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -4863,12 +5241,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
+#: sssd-ipa.5.xml:266
msgid "ipa_hbac_refresh (integer)"
msgstr "ipa_hbac_refresh (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
+#: sssd-ipa.5.xml:269
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -4876,17 +5254,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
+#: sssd-ipa.5.xml:276
msgid "Default: 5 (seconds)"
msgstr "Predeterminado: 5 (segundos)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
+#: sssd-ipa.5.xml:281
msgid "ipa_hbac_treat_deny_as (string)"
msgstr "ipa_hbac_treat_deny_as (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
+#: sssd-ipa.5.xml:284
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -4895,313 +5273,313 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
+#: sssd-ipa.5.xml:293
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
+#: sssd-ipa.5.xml:298
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
+#: sssd-ipa.5.xml:303
msgid "Default: DENY_ALL"
msgstr "Predeterminado: DENY_ALL"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
+#: sssd-ipa.5.xml:308
msgid "ipa_hbac_support_srchost (boolean)"
msgstr "ipa_hbac_support_srchost (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:311
msgid ""
"If this is set to false, then srchost as given to SSSD by PAM will be "
"ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
+#: sssd-ipa.5.xml:315
msgid ""
"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
+#: sssd-ipa.5.xml:326
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
+#: sssd-ipa.5.xml:329
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
+#: sssd-ipa.5.xml:332
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:338
msgid "ipa_netgroup_member_of (string)"
msgstr "ipa_netgroup_member_of (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
+#: sssd-ipa.5.xml:341
msgid "The LDAP attribute that lists netgroup's memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
+#: sssd-ipa.5.xml:350
msgid "ipa_netgroup_member_user (string)"
msgstr "ipa_netgroup_member_user (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
+#: sssd-ipa.5.xml:353
msgid ""
"The LDAP attribute that lists system users and groups that are direct "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:358 sssd-ipa.5.xml:453
msgid "Default: memberUser"
msgstr "Predeterminado: memberUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
+#: sssd-ipa.5.xml:363
msgid "ipa_netgroup_member_host (string)"
msgstr "ipa_netgroup_member_host (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:366
msgid ""
"The LDAP attribute that lists hosts and host groups that are direct members "
"of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:370 sssd-ipa.5.xml:465
msgid "Default: memberHost"
msgstr "Predeterminado: memberHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:375
msgid "ipa_netgroup_member_ext_host (string)"
msgstr "ipa_netgroup_member_ext_host (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
+#: sssd-ipa.5.xml:378
msgid ""
"The LDAP attribute that lists FQDNs of hosts and host groups that are "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
+#: sssd-ipa.5.xml:382
msgid "Default: externalHost"
msgstr "Predeterminado: externalHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
+#: sssd-ipa.5.xml:387
msgid "ipa_netgroup_domain (string)"
msgstr "ipa_netgroup_domain (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:390
msgid "The LDAP attribute that contains NIS domain name of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
+#: sssd-ipa.5.xml:394
msgid "Default: nisDomainName"
msgstr "Predeterminado: nisDomainName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
+#: sssd-ipa.5.xml:400
msgid "ipa_host_object_class (string)"
msgstr "ipa_host_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
+#: sssd-ipa.5.xml:403 sssd-ipa.5.xml:426
msgid "The object class of a host entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
+#: sssd-ipa.5.xml:406 sssd-ipa.5.xml:429
msgid "Default: ipaHost"
msgstr "Predeterminado: ipaHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:411
msgid "ipa_host_fqdn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
+#: sssd-ipa.5.xml:414
msgid "The LDAP attribute that contains FQDN of the host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
+#: sssd-ipa.5.xml:417
msgid "Default: fqdn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
+#: sssd-ipa.5.xml:423
msgid "ipa_selinux_usermap_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
+#: sssd-ipa.5.xml:434
msgid "ipa_selinux_usermap_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:437
msgid "The LDAP attribute that contains the name of SELinux usermap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:446
msgid "ipa_selinux_usermap_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
+#: sssd-ipa.5.xml:449
msgid ""
"The LDAP attribute that contains all users / groups this rule match against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
+#: sssd-ipa.5.xml:458
msgid "ipa_selinux_usermap_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
+#: sssd-ipa.5.xml:461
msgid ""
"The LDAP attribute that contains all hosts / hostgroups this rule match "
"against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:470
msgid "ipa_selinux_usermap_see_also (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:473
msgid ""
"The LDAP attribute that contains DN of HBAC rule which can be used for "
"matching instead of memberUser and memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
+#: sssd-ipa.5.xml:478
msgid "Default: seeAlso"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
+#: sssd-ipa.5.xml:483
msgid "ipa_selinux_usermap_selinux_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:486
msgid "The LDAP attribute that contains SELinux user string itself."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:490
msgid "Default: ipaSELinuxUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
+#: sssd-ipa.5.xml:495
msgid "ipa_selinux_usermap_enabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
+#: sssd-ipa.5.xml:498
msgid ""
"The LDAP attribute that contains whether or not is user map enabled for "
"usage."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:502
msgid "Default: ipaEnabledFlag"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
+#: sssd-ipa.5.xml:507
msgid "ipa_selinux_usermap_user_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:510
msgid "The LDAP attribute that contains user category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
+#: sssd-ipa.5.xml:514
msgid "Default: userCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:519
msgid "ipa_selinux_usermap_host_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:522
msgid "The LDAP attribute that contains host category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
+#: sssd-ipa.5.xml:526
msgid "Default: hostCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:531
msgid "ipa_selinux_usermap_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
+#: sssd-ipa.5.xml:534
msgid "The LDAP attribute that contains unique ID of the user map."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
+#: sssd-ipa.5.xml:538
msgid "Default: ipaUniqueID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
+#: sssd-ipa.5.xml:543
msgid "ipa_host_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
+#: sssd-ipa.5.xml:546
msgid "The LDAP attribute that contains the host's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:550
msgid "Default: ipaSshPubKey"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:565
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -5209,7 +5587,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:572
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -5223,7 +5601,7 @@ msgstr ""
" ipa_hostname = myhost.example.com\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
+#: sssd-ipa.5.xml:583
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -5314,11 +5692,6 @@ msgstr ""
msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
msgstr "<emphasis>0</emphasis>: Desactiva microsegundos en marcas de tiempo"
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Predeterminado: 0"
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:85
msgid "<option>-f</option>,<option>--debug-to-files</option>"
@@ -5736,7 +6109,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
+#: sss_useradd.8.xml:171
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6231,7 +6604,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
+#: sss_groupadd.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6328,7 +6701,7 @@ msgid "Before actually deleting the user, terminate all his processes."
msgstr "Antes de realmente eliminar al usuario, terminar todos sus procesos."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
+#: sss_userdel.8.xml:97
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6379,7 +6752,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
+#: sss_groupdel.8.xml:50
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6444,7 +6817,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
+#: sss_groupshow.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6544,7 +6917,7 @@ msgid "The SELinux user for the user's login."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
+#: sss_usermod.8.xml:142
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6663,13 +7036,74 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:108
+#, fuzzy
+#| msgid ""
+#| "<option>-s</option>,<option>--shell</option> <replaceable>SHELL</"
+#| "replaceable>"
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-s</option>,<option>--service</option> <replaceable>service</"
"replaceable>"
msgstr ""
+"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:113
+msgid "Invalidate specific service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:119
+#, fuzzy
+#| msgid "<option>-f</option>,<option>--force</option>"
+msgid "<option>-S</option>,<option>--services</option>"
+msgstr "<option>-f</option>,<option>--force</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:123
+msgid ""
+"Invalidate all service records. This option overrides invalidation of "
+"specific service if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:130
+#, fuzzy
+#| msgid ""
+#| "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
+msgid ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
+"replaceable>"
+msgstr ""
+"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:135
+msgid "Invalidate specific autofs maps."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:141
+#, fuzzy
+#| msgid "<option>-D</option>,<option>--daemon</option>"
+msgid "<option>-A</option>,<option>--autofs-maps</option>"
+msgstr "<option>-D</option>,<option>--daemon</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:145
+msgid ""
+"Invalidate all autofs maps. This option overrides invalidation of specific "
+"map if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:152
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:157
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -6894,7 +7328,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
msgid "Configuration"
msgstr "Configuración"
@@ -7010,6 +7444,251 @@ msgid ""
"offline mode, and then attempts to reconnect every 30 seconds."
msgstr ""
+#. type: Content of: <refsect1><title>
+#: include/ldap_id_mapping.xml:2
+msgid "ID MAPPING"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:4
+msgid ""
+"The ID-mapping feature allows SSSD to act as a client of Active Directory "
+"without requiring administrators to extend user attributes to support POSIX "
+"attributes for user and group identifiers."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:9
+msgid ""
+"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
+"ignored. This is to avoid the possibility of conflicts between automatically-"
+"assigned and manually-assigned values. If you need to use manually-assigned "
+"values, ALL values must be manually-assigned."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:17
+msgid "Mapping Algorithm"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:19
+msgid ""
+"Active Directory provides an objectSID for every user and group object in "
+"the directory. This objectSID can be broken up into components that "
+"represent the Active Directory domain identity and the relative identifier "
+"(RID) of the user or group object."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:25
+msgid ""
+"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
+"into equally-sized component sections - called \"slices\"-. Each slice "
+"represents the space available to an Active Directory domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:31
+msgid ""
+"When a user or group entry for a particular domain is encountered for the "
+"first time, the SSSD allocates one of the available slices for that domain. "
+"In order to make this slice-assignment repeatable on different client "
+"machines, we select the slice based on the following algorithm:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:38
+msgid ""
+"The SID string is passed through the murmurhash3 algorithm to convert it to "
+"a 32-bit hashed value. We then take the modulus of this value with the total "
+"number of available slices to pick the slice."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:44
+msgid ""
+"NOTE: It is possible to encounter collisions in the hash and subsequent "
+"modulus. In these situations, we will select the next available slice, but "
+"it may not be possible to reproduce the same exact set of slices on other "
+"machines (since the order that they are encountered will determine their "
+"slice). In this situation, it is recommended to either switch to using "
+"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
+"configure a default domain to guarantee that at least one is always "
+"consistent. See <quote>Configuration</quote> for details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:59
+msgid ""
+"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><programlisting>
+#: include/ldap_id_mapping.xml:64
+#, no-wrap
+msgid ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:69
+msgid ""
+"The default configuration results in configuring 10,000 slices, each capable "
+"of holding up to 200,000 IDs, starting from 10,001 and going up to "
+"2,000,100,000. This should be sufficient for most deployments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><title>
+#: include/ldap_id_mapping.xml:75
+#, fuzzy
+#| msgid "Configuration"
+msgid "Advanced Configuration"
+msgstr "Configuración"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:78
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_min (integer)"
+msgstr "ldap_page_size (entero)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:81
+msgid ""
+"Specifies the lower bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:85
+msgid ""
+"NOTE: This option is different from <quote>id_mn</quote> in that "
+"<quote>id_min</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_min</"
+"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:95
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 10001"
+msgstr "Predeterminado: 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:100
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_max (integer)"
+msgstr "ldap_page_size (entero)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:103
+msgid ""
+"Specifies the upper bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:107
+msgid ""
+"NOTE: This option is different from <quote>id_max</quote> in that "
+"<quote>id_max</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_max</"
+"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:117
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 2000100000"
+msgstr "Predeterminado: 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:122
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_size (integer)"
+msgstr "ldap_page_size (entero)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:125
+msgid ""
+"Specifies the number of IDs available for each slice. If the range size "
+"does not divide evenly into the min and max values, it will create as many "
+"complete slices as it can."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:131
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 200000"
+msgstr "Predeterminado: 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:136
+#, fuzzy
+#| msgid "ldap_default_bind_dn (string)"
+msgid "ldap_idmap_default_domain_sid (string)"
+msgstr "ldap_default_bind_dn (cadena)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:139
+msgid ""
+"Specify the domain SID of the default domain. This will guarantee that this "
+"domain will always be assigned to slice zero in the ID map, bypassing the "
+"murmurhash algorithm described above."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:150
+#, fuzzy
+#| msgid "ldap_default_bind_dn (string)"
+msgid "ldap_idmap_default_domain (string)"
+msgstr "ldap_default_bind_dn (cadena)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:153
+msgid "Specify the name of the default domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:161
+#, fuzzy
+#| msgid "ldap_sasl_canonicalize (boolean)"
+msgid "ldap_idmap_autorid_compat (boolean)"
+msgstr "ldap_sasl_canonicalize (boolean)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:164
+msgid ""
+"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
+"winbind's <quote>idmap_autorid</quote> algorithm."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:169
+msgid ""
+"When this option is configured, domains will be allocated starting with "
+"slice zero and increasing monatomically with each additional domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:174
+msgid ""
+"NOTE: This algorithm is non-deterministic (it depends on the order that "
+"users and groups are requested). If this mode is required for compatibility "
+"with machines running winbind, it is recommended to also use the "
+"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
+"least one domain is consistently allocated to slice zero."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-h</option>,<option>--help</option>"
@@ -7129,3 +7808,33 @@ msgid ""
"<emphasis> This is an experimental feature, please use http://fedorahosted."
"org/sssd to report any issues. </emphasis>"
msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/local.xml:2
+msgid "THE LOCAL DOMAIN"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:4
+msgid ""
+"In order to function correctly, a domain with <quote>id_provider=local</"
+"quote> must be created and the SSSD must be running."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:9
+msgid ""
+"The administrator might want to use the SSSD local users instead of "
+"traditional UNIX users in cases where the group nesting (see <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>) is needed. The local users are also useful for testing and "
+"development of the SSSD without having to deploy a full remote server. The "
+"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
+"local LDB storage to store users and groups."
+msgstr ""
+
+#~ msgid "Default: 7"
+#~ msgstr "Predeterminado: 7"
+
+#~ msgid "<quote>permit</quote> always allow access."
+#~ msgstr "<quote>permit</quote> siempre permitir el acceso."
diff --git a/src/man/po/fr.po b/src/man/po/fr.po
index 6807e004..c93dc22a 100644
--- a/src/man/po/fr.po
+++ b/src/man/po/fr.po
@@ -9,8 +9,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-03-12 16:37-0300\n"
-"PO-Revision-Date: 2012-03-12 20:08+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0300\n"
+"PO-Revision-Date: 2012-04-20 17:34+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: French <trans-fr@lists.fedoraproject.org>\n"
"Language: fr\n"
@@ -128,18 +128,18 @@ msgstr ""
"<replaceable>GROUPS</replaceable>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:74 sssd.conf.5.xml:1585 sssd-ldap.5.xml:2177
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sssd-ipa.5.xml:581 sssd.8.xml:191 sss_obfuscate.8.xml:103
+#: sss_useradd.8.xml:169 sssd-krb5.5.xml:451 sss_groupadd.8.xml:60
+#: sss_userdel.8.xml:95 sss_groupdel.8.xml:48 sss_groupshow.8.xml:60
+#: sss_usermod.8.xml:140 sss_ssh_authorizedkeys.1.xml:96
#: sss_ssh_knownhostsproxy.1.xml:95
msgid "SEE ALSO"
msgstr "VOIR AUSSI"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
+#: sss_groupmod.8.xml:76
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -265,7 +265,7 @@ msgid "The [sssd] section"
msgstr "La section [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1431
msgid "Section parameters"
msgstr "Paramètres de section"
@@ -298,16 +298,18 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:88
msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
+"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
+"\"with_ssh\">, ssh</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
+#: sssd.conf.5.xml:96 sssd.conf.5.xml:288
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
+#: sssd.conf.5.xml:99 sssd.conf.5.xml:291
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -316,17 +318,17 @@ msgstr ""
"redémarrer dans le cas d'un plantage du « Data Provider » avant d'abandonner"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
+#: sssd.conf.5.xml:104 sssd.conf.5.xml:296
msgid "Default: 3"
msgstr "Par défaut : 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:109
msgid "domains"
msgstr "domaines"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:112
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -339,12 +341,12 @@ msgstr ""
"domaines dans l'ordre où vous voulez les appeler."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
+#: sssd.conf.5.xml:122
msgid "re_expression (string)"
msgstr "re_expression (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
+#: sssd.conf.5.xml:125
msgid ""
"Regular expression that describes how to parse the string containing user "
"name and domain into these components."
@@ -353,7 +355,7 @@ msgstr ""
"contenant les informations utilisateur et les domaines vers les composants."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
+#: sssd.conf.5.xml:129
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -364,7 +366,7 @@ msgstr ""
"importe le domaine après »"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
+#: sssd.conf.5.xml:134
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -376,7 +378,7 @@ msgstr ""
"fonction."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:141
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -385,12 +387,12 @@ msgstr ""
"syntaxe Python (?P&lt;name&gt;) pour nommer les sous-modèles."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
+#: sssd.conf.5.xml:148
msgid "full_name_format (string)"
msgstr "full_name_format (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
+#: sssd.conf.5.xml:151
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to translate "
@@ -401,17 +403,17 @@ msgstr ""
"domaine) d'un tuple en un domaine totalement qualifé."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
+#: sssd.conf.5.xml:159
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Par défaut : <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
+#: sssd.conf.5.xml:164
msgid "try_inotify (boolean)"
msgstr "try_inotify (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
+#: sssd.conf.5.xml:167
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -424,7 +426,7 @@ msgstr ""
"échoue."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
+#: sssd.conf.5.xml:175
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -434,7 +436,7 @@ msgstr ""
"conseillée. Dans ces rares cas, cette option devrait être définie à « false »"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
+#: sssd.conf.5.xml:181
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -443,7 +445,7 @@ msgstr ""
"sur les autres plateformes."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:185
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -452,31 +454,56 @@ msgstr ""
"pas accessible. Sur celles-ci, la requête sera toujours utilisée."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
+#: sssd.conf.5.xml:192
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
+#: sssd.conf.5.xml:195
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
+"Répertoire du système de fichiers où SSSD doit stocker les fichiers de "
+"relecture de Kerberos."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
+#: sssd.conf.5.xml:199
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
+#: sssd.conf.5.xml:205
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:212
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "force_timeout (integer)"
+msgstr "timeout (entier)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:215
+msgid ""
+"If a service is not responding to ping checks (see the <quote>timeout</"
+"quote> option), it is first sent the SIGTERM signal that instructs it to "
+"quit gracefully. If the service does not terminate after "
+"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
+"by sending a SIGKILL signal."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:542 sssd.conf.5.xml:690
+#: sssd-ldap.5.xml:1034
+msgid "Default: 60"
+msgstr "Par défaut : 60"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:63
msgid ""
@@ -495,12 +522,12 @@ msgstr ""
"<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
+#: sssd.conf.5.xml:234
msgid "SERVICES SECTIONS"
msgstr "SECTIONS SERVICES"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
+#: sssd.conf.5.xml:236
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -513,61 +540,80 @@ msgstr ""
"<quote>[nss]</quote>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
+#: sssd.conf.5.xml:243
msgid "General service configuration options"
msgstr "Options générales de configuration du service"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
+#: sssd.conf.5.xml:245
msgid "These options can be used to configure any service."
msgstr "Ces options peuvent être utilisées pour configurer les services."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
+#: sssd.conf.5.xml:249
msgid "debug_level (integer)"
msgstr "debug_level (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
+#: sssd.conf.5.xml:253
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
+#: sssd.conf.5.xml:256
msgid "Add a timestamp to the debug messages"
msgstr "Ajoute un horodatage aux messages de débogage"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:408 sssd.conf.5.xml:793
+#: sssd-ldap.5.xml:1399 sssd-ldap.5.xml:1525 sssd-ipa.5.xml:225
+#: sssd-ipa.5.xml:260
msgid "Default: true"
msgstr "Par défaut : true"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
+#: sssd.conf.5.xml:264
msgid "debug_microseconds (bool)"
msgstr "debug_microseconds (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
+#: sssd.conf.5.xml:267
msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:270 sssd.conf.5.xml:740 sssd.conf.5.xml:1368
+#: sssd-ldap.5.xml:620 sssd-ldap.5.xml:1312 sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1468 sssd-ldap.5.xml:1874 sssd-ipa.5.xml:123
+#: sssd-ipa.5.xml:320 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
+#: sssd-krb5.5.xml:418
msgid "Default: false"
msgstr "Par défaut : false"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
+#: sssd.conf.5.xml:275
+msgid "timeout (integer)"
+msgstr "timeout (entier)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:278
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:283 sssd-ldap.5.xml:1183
+msgid "Default: 10"
+msgstr "Par défaut : 10"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:301
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:304
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -577,40 +623,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:282
+#: sssd.conf.5.xml:313
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:287
-msgid "command (string)"
-msgstr "command (chaîne)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:290
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>. This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-"Par défaut, l'exécutable représentant ce service est appelé <command>sssd_"
-"${service_name}</command>. Cette directive autorise de changer le nom de "
-"l'exécutable pour le service. Dans la plupart des cas, les valeurs par "
-"défaut sont suffisantes."
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr "Par défaut : <command>sssd_${service_name}</command>"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:306
+#: sssd.conf.5.xml:321
msgid "NSS configuration options"
msgstr "Options de configuration NSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:323
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -618,12 +641,12 @@ msgstr ""
"Switch (NSS)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:313
+#: sssd.conf.5.xml:328
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316
+#: sssd.conf.5.xml:331
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -632,17 +655,17 @@ msgstr ""
"(requêtes pour les informations sur tous les utilisateurs)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:335
msgid "Default: 120"
msgstr "Par défaut : 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:325
+#: sssd.conf.5.xml:340
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:328
+#: sssd.conf.5.xml:343
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -653,7 +676,7 @@ msgstr ""
"valeur de entry_cache_timeout pour le domaine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:349
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -668,7 +691,7 @@ msgstr ""
"requêtes ne seront pas bloquées en attendant une mise à jour du cache."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:359
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -681,17 +704,17 @@ msgstr ""
"de non réponse à moins de 10 secondes (0 pour désactiver l'option)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:352
+#: sssd.conf.5.xml:367
msgid "Default: 50"
msgstr "Par défaut : 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:372
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:375
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -703,17 +726,17 @@ msgstr ""
"nouveau l'arrière plan."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:381 sssd.conf.5.xml:768 sssd-krb5.5.xml:223
msgid "Default: 15"
msgstr "Par défaut : 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:371
+#: sssd.conf.5.xml:386
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:374
+#: sssd.conf.5.xml:389
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -727,17 +750,17 @@ msgstr ""
"domaine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:396
msgid "Default: root"
msgstr "Par défaut : root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:401
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:389
+#: sssd.conf.5.xml:404
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
@@ -745,62 +768,62 @@ msgstr ""
"à « false »."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398
+#: sssd.conf.5.xml:413
msgid "override_homedir (string)"
msgstr "override_homedir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:422 sssd-krb5.5.xml:166
msgid "%u"
msgstr "%u"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:167
msgid "login name"
msgstr "nom de connexion"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:426 sssd-krb5.5.xml:170
msgid "%U"
msgstr "%U"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:412
+#: sssd.conf.5.xml:427
msgid "UID number"
msgstr "paramètre UID"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:430 sssd-krb5.5.xml:188
msgid "%d"
msgstr "%d"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:416
+#: sssd.conf.5.xml:431
msgid "domain name"
msgstr "nom de domaine"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:419
+#: sssd.conf.5.xml:434
msgid "%f"
msgstr "%f"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:435
msgid "fully qualified user name (user@domain)"
msgstr "nom d'utilisateur qualifié totalement (utilisateur@domaine)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:438 sssd-krb5.5.xml:200
msgid "%%"
msgstr "%%"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:439 sssd-krb5.5.xml:201
msgid "a literal '%'"
msgstr "un « % » littéral"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:401
+#: sssd.conf.5.xml:416
msgid ""
"Override the user's home directory. You can either provide an absolute value "
"or a template. In the template, the following sequences are substituted: "
@@ -811,17 +834,42 @@ msgstr ""
"substituées :<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430
+#: sssd.conf.5.xml:445
msgid "This option can also be set per-domain."
msgstr "Cette option peut aussi être définie pour chaque domaine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:450
+#, fuzzy
+#| msgid "mail_dir (string)"
+msgid "fallback_homedir (string)"
+msgstr "mail_dir (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:453
+msgid ""
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:458
+msgid ""
+"The available values for this option are the same as for override_homedir."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:462
+msgid "Default: not set (no substitution for unset home directories)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:468
msgid "allowed_shells (string)"
msgstr "allowed_shells (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:471
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
@@ -829,14 +877,14 @@ msgstr ""
"L'ordre d'évaluation est :"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:474
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
"1. Si l'interpréteur de commandes est présent dans <quote>/etc/shells</"
"quote> il est utilisé."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:478
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
@@ -846,7 +894,7 @@ msgstr ""
"shell_fallback » sera faite."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:483
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
@@ -855,14 +903,14 @@ msgstr ""
"ni dans <quote>/etc/shells</quote>, une connexion sans shell est utlisée."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:455
+#: sssd.conf.5.xml:488
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
"Une chaîne vide pour l'interpréteur de commandes est passée comme elle est à "
"la libc."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:491
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
@@ -872,31 +920,31 @@ msgstr ""
"est installé."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:462
+#: sssd.conf.5.xml:495
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
"Par défaut : non défini. L'interpréteur de commandes de l'utilisateur est "
"utilisé automatiquement."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:500
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:503
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
"Remplacer toutes les occurences de ces interpréteurs de commandes par "
"l'interpréteur de commandes par défaut"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:475
+#: sssd.conf.5.xml:508
msgid "shell_fallback (string)"
msgstr "shell_fallback (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:511
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
@@ -904,17 +952,52 @@ msgstr ""
"commandes autorisé n'est pas installé sur la machine."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:515
msgid "Default: /bin/sh"
msgstr "Par défaut : /bin/sh"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:520
+#, fuzzy
+#| msgid "default_shell (string)"
+msgid "default_shell"
+msgstr "default_shell (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:523
+msgid ""
+"The default shell to use if the provider does not return one during lookup. "
+"This option supercedes any other shell options if it takes effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:528
+msgid ""
+"Default: not set (Return NULL if no shell is specified and rely on libc to "
+"substitute something sensible when necessary, usually /bin/sh)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:535 sssd.conf.5.xml:683
+#, fuzzy
+#| msgid "entry_negative_timeout (integer)"
+msgid "get_domains_timeout (int)"
+msgstr "entry_negative_timeout (entier)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:538 sssd.conf.5.xml:686
+msgid ""
+"Specifies time in seconds for which the list of subdomains will be "
+"considered valid."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:489
+#: sssd.conf.5.xml:549
msgid "PAM configuration options"
msgstr "Options de configuration de PAM"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:491
+#: sssd.conf.5.xml:551
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -923,12 +1006,12 @@ msgstr ""
"(PAM)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:556
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:499
+#: sssd.conf.5.xml:559
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -938,17 +1021,17 @@ msgstr ""
"connexion réussie)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
+#: sssd.conf.5.xml:564 sssd.conf.5.xml:577
msgid "Default: 0 (No limit)"
msgstr "Par défaut : 0 (pas de limite)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:570
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:513
+#: sssd.conf.5.xml:573
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -957,12 +1040,12 @@ msgstr ""
"échouées sont autorisées."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:523
+#: sssd.conf.5.xml:583
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:586
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -971,7 +1054,7 @@ msgstr ""
"atteint avant qu'une nouvelle tentative soit possible."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:591
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -979,17 +1062,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:597 sssd.conf.5.xml:650 sssd.conf.5.xml:1315
msgid "Default: 5"
msgstr "Par défaut : 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:603
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:606
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -998,44 +1081,44 @@ msgstr ""
"d'authentification. Le nombre le plus grand affichera plus de messages."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:611
msgid "Currently sssd supports the following values:"
msgstr "Actuellement sssd supporte les valeurs :"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:554
+#: sssd.conf.5.xml:614
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis> : ne pas afficher de message"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:557
+#: sssd.conf.5.xml:617
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis> : afficher seulement les messages importants"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:621
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis> : afficher les messages d'information"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:624
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
"<emphasis>3</emphasis> : afficher tous les messages et informations de "
"débogage"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:568 sssd.8.xml:63
+#: sssd.conf.5.xml:628 sssd.8.xml:63
msgid "Default: 1"
msgstr "Par défaut : 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:573
+#: sssd.conf.5.xml:633
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:636
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1047,7 +1130,7 @@ msgstr ""
"les dernières informations."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:642
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1061,17 +1144,17 @@ msgstr ""
"retour avec le fournisseur d'identité."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:656
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (entier)"
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:659 sssd.conf.5.xml:972
msgid "Display a warning N days before the password expires."
msgstr "Afficher une alerte N jours avant que le mot de passe n'expire."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:662
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1081,28 +1164,42 @@ msgstr ""
"à propos du temps d'expiration du mot de passe. Si cette information est "
"manquante, sssd ne peut afficher de message d'alerte."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:668 sssd.conf.5.xml:975
+msgid ""
+"If zero is set, then this filter is not applied, i.e. if the expiration "
+"warning was received from backend server, it will automatically be displayed."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:608
-msgid "Default: 7"
-msgstr "Par défaut : 7"
+#: sssd.conf.5.xml:673
+msgid ""
+"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
+"emphasis> for a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:678 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Par défaut : 0"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:616
+#: sssd.conf.5.xml:698
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:618
+#: sssd.conf.5.xml:700
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:707
msgid "sudo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:710
msgid ""
"For any sudo request that comes while SSSD is online, the SSSD will attempt "
"to update the cached rules in order to ensure that sudo has the latest "
@@ -1110,7 +1207,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:716
msgid ""
"The user may, however, run a couple of sudo commands successively, which "
"would trigger multiple LDAP requests. In order to speed up this use-case, "
@@ -1119,64 +1216,90 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:641
+#: sssd.conf.5.xml:723
msgid ""
"This option controls how long (in seconds) can the sudo service cache rules "
"for a user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:727
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:732
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:735
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:748
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:750
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:676
+#: sssd.conf.5.xml:758
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:761
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
"before asking the back end again."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:776
+#, fuzzy
+#| msgid "NSS configuration options"
+msgid "SSH configuration options"
+msgstr "Options de configuration NSS"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:778
+#, fuzzy
+#| msgid "These options can be used to configure any service."
+msgid "These options can be used to configure the SSH service."
+msgstr "Ces options peuvent être utilisées pour configurer les services."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:786
+msgid "ssh_hash_known_hosts (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:789
+msgid ""
+"Whether or not to hash host names and adresses in the managed known_hosts "
+"file."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:803
msgid "DOMAIN SECTIONS"
msgstr "SECTIONS DOMAINE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:810
msgid "min_id,max_id (integer)"
msgstr "min_id,max_id (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:706
+#: sssd.conf.5.xml:813
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1185,7 +1308,7 @@ msgstr ""
"dehors de ces limites, il est ignoré."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:711
+#: sssd.conf.5.xml:818
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1198,37 +1321,17 @@ msgstr ""
"plage seront rapportés comme prévu."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:825
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Default: 1 for min_id, 0 (no limit) for max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
-msgid "timeout (integer)"
-msgstr "timeout (entier)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
-msgid ""
-"Timeout in seconds between heartbeats for this domain. This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-"Délai d'attente entre deux requêtes pour ce domaine. Ceci est utilisé pour "
-"s'assurer que le processus en arrière-plan soit toujours actif et capable de "
-"répondre."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr "Par défaut : 10"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:738
+#: sssd.conf.5.xml:831
msgid "enumerate (bool)"
msgstr "enumerate (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:834
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -1237,22 +1340,22 @@ msgstr ""
"valeurs suivantes :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:745
+#: sssd.conf.5.xml:838
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = utilisateurs et groupes sont comptés"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:841
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = aucune énumération pour ce domaine"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
+#: sssd.conf.5.xml:844 sssd.conf.5.xml:949 sssd.conf.5.xml:1031
msgid "Default: FALSE"
msgstr "Par défaut : FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:754
+#: sssd.conf.5.xml:847
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1268,7 +1371,7 @@ msgstr ""
"importante liée au processus d'énumération."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:764
+#: sssd.conf.5.xml:857
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1278,7 +1381,7 @@ msgstr ""
"complétion."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:862
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1292,12 +1395,12 @@ msgstr ""
"le id_provider spécifique utilisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:873
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:876
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -1306,88 +1409,88 @@ msgstr ""
"valides avant d'appeler à nouveau l'arrière plan"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:880
msgid "Default: 5400"
msgstr "Par défaut : 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:886
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796
+#: sssd.conf.5.xml:889
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:893 sssd.conf.5.xml:906 sssd.conf.5.xml:919
+#: sssd.conf.5.xml:932
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:899
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:902
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:819
+#: sssd.conf.5.xml:912
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:915
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:925
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:928
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:938
msgid "cache_credentials (bool)"
msgstr "cache_credentials (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:941
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
"Détermine si les crédits utilisateur sont aussi mis en cache dans le cache "
"LDB local"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:945
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:861
+#: sssd.conf.5.xml:954
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:957
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1400,49 +1503,85 @@ msgstr ""
"ou égal à offline_credentials_expiration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:964
msgid "Default: 0 (unlimited)"
msgstr "Défault: 0 (illimité)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:969
+#, fuzzy
+#| msgid "pam_pwd_expiration_warning (integer)"
+msgid "pwd_expiration_warning (integer)"
+msgstr "pam_pwd_expiration_warning (entier)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:980
+#, fuzzy
+#| msgid ""
+#| "Please note that the backend server has to provide information about the "
+#| "expiration time of the password. If this information is missing, sssd "
+#| "cannot display a warning."
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning. Also an auth provider has to be configured for the "
+"backend."
+msgstr ""
+"Veuillez noter que le serveur en arrière-plan doit fournir des informations "
+"à propos du temps d'expiration du mot de passe. Si cette information est "
+"manquante, sssd ne peut afficher de message d'alerte."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:987
+msgid "Default: 7 (Kerberos), 0 (LDAP)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:993
msgid "id_provider (string)"
msgstr "id_provider (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:880
+#: sssd.conf.5.xml:996
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
"L'identité du fournisseur de données en arrière-plan à utiliser pour le "
"domaine."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:1000
msgid "Supported backends:"
msgstr "Moteurs pris en charge :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:887
+#: sssd.conf.5.xml:1003
msgid "proxy: Support a legacy NSS provider"
msgstr "proxy: supporte l'ancien protocole NSS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:890
+#: sssd.conf.5.xml:1006
msgid "local: SSSD internal local provider"
msgstr "local: protocole SSSD interne et local"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:1009
msgid "ldap: LDAP provider"
msgstr "ldap: protocole LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:899
+#: sssd.conf.5.xml:1015
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:1018
+msgid ""
+"Use the full name and domain (as formatted by the domain's full_name_format) "
+"as the user's login name reported to NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1023
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1456,12 +1595,12 @@ msgstr ""
"test@LOCAL</command> ne le trouve."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:915
+#: sssd.conf.5.xml:1036
msgid "auth_provider (string)"
msgstr "auth_provider (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:918
+#: sssd.conf.5.xml:1039
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -1470,7 +1609,7 @@ msgstr ""
"autorisés sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:1043
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1482,7 +1621,7 @@ msgstr ""
"LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:929
+#: sssd.conf.5.xml:1050
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1493,7 +1632,7 @@ msgstr ""
"citerefentry> pour plus d'informations sur la configuration de Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:1057
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
@@ -1501,12 +1640,12 @@ msgstr ""
"PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1060
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "<quote>none</quote> désactive l'authentification explicitement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1063
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -1515,12 +1654,12 @@ msgstr ""
"gérer les requêtes d'authentification."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:1069
msgid "access_provider (string)"
msgstr "access_provider (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:951
+#: sssd.conf.5.xml:1072
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1531,17 +1670,19 @@ msgstr ""
"plan). Les fournisseurs internes spécifiques sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
-msgid "<quote>permit</quote> always allow access."
-msgstr "<quote>permit</quote> autoriser l'accès de manière permanente."
+#: sssd.conf.5.xml:1078
+msgid ""
+"<quote>permit</quote> always allow access. It's the only permitted access "
+"provider for a local domain."
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:960
+#: sssd.conf.5.xml:1081
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> refuser l'accès de manière permanente.."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1084
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1554,17 +1695,17 @@ msgstr ""
"configuration du module d'accès simple."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1091
msgid "Default: <quote>permit</quote>"
msgstr "Par défaut : <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1096
msgid "chpass_provider (string)"
msgstr "chpass_provider (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:978
+#: sssd.conf.5.xml:1099
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -1573,7 +1714,7 @@ msgstr ""
"domaine. Les fournisseurs acceptés sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1104
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1585,7 +1726,7 @@ msgstr ""
"l'IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:991
+#: sssd.conf.5.xml:1112
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1597,7 +1738,7 @@ msgstr ""
"serveur LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1120
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1609,7 +1750,7 @@ msgstr ""
"Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1007
+#: sssd.conf.5.xml:1128
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
@@ -1617,13 +1758,13 @@ msgstr ""
"autre cible PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1011
+#: sssd.conf.5.xml:1132
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
"<quote>none</quote> désactiver le changement de mot de passe explicitement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1135
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -1632,17 +1773,17 @@ msgstr ""
"peut gérer les changements de mot de passe."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1142
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1148
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1031
+#: sssd.conf.5.xml:1152
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1650,29 +1791,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1159
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1041
+#: sssd.conf.5.xml:1162 sssd.conf.5.xml:1246 sssd.conf.5.xml:1271
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1047
+#: sssd.conf.5.xml:1168
msgid "session_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1171
msgid ""
"The provider which should handle loading of session settings. Supported "
"session providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1055
+#: sssd.conf.5.xml:1176
msgid ""
"<quote>ipa</quote> to load session settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1680,24 +1821,131 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1184
msgid "<quote>none</quote> disallows fetching session settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1187
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"session loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1193
+#, fuzzy
+#| msgid "id_provider (string)"
+msgid "subdomains_provider (string)"
+msgstr "id_provider (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1196
+#, fuzzy
+#| msgid ""
+#| "The provider which should handle change password operations for the "
+#| "domain. Supported change password providers are:"
+msgid ""
+"The provider which should handle fetching of subdomains. This value should "
+"be always the same as id_provider. Supported subdomain providers are:"
+msgstr ""
+"Le fournisseur qui devrait gérer le changement des mots de passe pour le "
+"domaine. Les fournisseurs acceptés sont :"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1201
+#, fuzzy
+#| msgid ""
+#| "<quote>ipa</quote> to change a password stored in an IPA server. See "
+#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> for more information on configuring IPA."
+msgid ""
+"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+"<quote>ipa</quote> pour changer le mot de passe stocké sur un serveur IPA. "
+"Voir <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> pour plus d'informations sur la configuration de "
+"l'IPA."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1209
+#, fuzzy
+#| msgid "<quote>none</quote> disallows password changes explicitly."
+msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+msgstr ""
+"<quote>none</quote> désactiver le changement de mot de passe explicitement."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1212 sssd-ldap.5.xml:1499
+msgid "Default: none"
+msgstr "Par défaut : aucun"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1218
+msgid "autofs_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1224
+msgid ""
+"The autofs provider used for the domain. Supported autofs providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1228
+msgid ""
+"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1235
+msgid ""
+"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1243
+msgid "<quote>none</quote> disables autofs explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1253
+msgid "hostid_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1256
+msgid ""
+"The provider used for retrieving host identity information. Supported "
+"hostid providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1260
+msgid ""
+"<quote>ipa</quote> to load host identity stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1268
+msgid "<quote>none</quote> disables hostid explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1278
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1076
+#: sssd.conf.5.xml:1281
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -1706,46 +1954,46 @@ msgstr ""
"utiliser pour effectuer les requêtes DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1285
msgid "Supported values:"
msgstr "Valeurs autorisées :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1083
+#: sssd.conf.5.xml:1288
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
"ipv4_first : essaye de chercher une IPv4, si ça échoue, essaye une IPv6."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1291
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
"ipv4_only : ne tente de résoudre que les noms de domaines en adresses IPv4."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1294
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
"ipv6_first : essaye de chercher une IPv6, si ça échoue, essaye une IPv4."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1092
+#: sssd.conf.5.xml:1297
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
"ipv6_only : ne tente de résoudre que les noms de domaines en adresses IPv6."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1095
+#: sssd.conf.5.xml:1300
msgid "Default: ipv4_first"
msgstr "Par défaut : ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1306
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1104
+#: sssd.conf.5.xml:1309
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1756,12 +2004,12 @@ msgstr ""
"le domaine continuera en mode déconnecté."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1321
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1324
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -1771,41 +2019,75 @@ msgstr ""
"de DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1328
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
"Par défaut : utilise la partie du domaine qui est dans le nom d'hôte de la "
"machine."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1334
msgid "override_gid (integer)"
msgstr "override_gid (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1337
msgid "Override the primary GID value with the one specified."
msgstr "Redéfinit le GID primaire avec la valeur spécifiée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1138
+#: sssd.conf.5.xml:1343
msgid "case_sensitive (boolean)"
msgstr "case_sensitive (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1346
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1351
msgid "Default: True"
msgstr "Par défaut : True"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1357
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1360
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1374
+#, fuzzy
+#| msgid "override_homedir (string)"
+msgid "subdomain_homedir (string)"
+msgstr "override_homedir (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1377
+msgid ""
+"Use this homedir as default value for all subdomains within this domain. See "
+"<emphasis>override_homedir</emphasis> for info about possible values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1382
+msgid ""
+"The value can be overridden by <emphasis>override_homedir</emphasis> option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:805
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1817,17 +2099,17 @@ msgstr ""
"id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1395
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1398
msgid "The proxy target PAM proxies to."
msgstr "Le proxy cible auquel PAM devient mandataire."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1401
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -1836,12 +2118,12 @@ msgstr ""
"exsitante ou créer une nouvelle et ajouter le nom de service ici."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1409
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1412
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1852,7 +2134,7 @@ msgstr ""
"$(libName)_$(function), par exemple _nss_files_getpwent."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1154
+#: sssd.conf.5.xml:1391
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -1861,12 +2143,12 @@ msgstr ""
"id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1187
+#: sssd.conf.5.xml:1424
msgid "The local domain section"
msgstr "La section du domaine local"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1426
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1877,29 +2159,29 @@ msgstr ""
"dire un domaine qui utilise <replaceable>id_provider=local</replaceable>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1433
msgid "default_shell (string)"
msgstr "default_shell (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1436
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
"L'interpréteur de commandes par défaut pour les utilisateurs créés avec les "
"outils de l'espace utilisateur SSSD."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1440
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Par défaut : <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1445
msgid "base_directory (string)"
msgstr "base_directory (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211
+#: sssd.conf.5.xml:1448
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -1908,17 +2190,17 @@ msgstr ""
"replaceable> et l'utilise comme dossier personnel."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1453
msgid "Default: <filename>/home</filename>"
msgstr "Par défaut : <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1221
+#: sssd.conf.5.xml:1458
msgid "create_homedir (bool)"
msgstr "create_homedir (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1224
+#: sssd.conf.5.xml:1461
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -1927,17 +2209,17 @@ msgstr ""
"utilisateurs. Peut être outrepassé par la ligne de commande."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
+#: sssd.conf.5.xml:1465 sssd.conf.5.xml:1477
msgid "Default: TRUE"
msgstr "Par défaut : TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1470
msgid "remove_homedir (bool)"
msgstr "remove_homedir (booléen)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1473
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -1946,12 +2228,12 @@ msgstr ""
"suppression des utilisateurs. Peut être outrepassé par la ligne de commande."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1245
+#: sssd.conf.5.xml:1482
msgid "homedir_umask (integer)"
msgstr "homedir_umask (entier)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1248
+#: sssd.conf.5.xml:1485
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1962,17 +2244,17 @@ msgstr ""
"défaut sur un répertoire personnel nouvellement créé."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1256
+#: sssd.conf.5.xml:1493
msgid "Default: 077"
msgstr "Par défaut : 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1498
msgid "skel_dir (string)"
msgstr "skel_dir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1501
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1985,17 +2267,17 @@ msgstr ""
"manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1274
+#: sssd.conf.5.xml:1511
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Par défaut : <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1516
msgid "mail_dir (string)"
msgstr "mail_dir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1519
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2006,17 +2288,17 @@ msgstr ""
"par défaut est utilisée."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1289
+#: sssd.conf.5.xml:1526
msgid "Default: <filename>/var/mail</filename>"
msgstr "Par défaut : <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1531
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (chaîne)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1297
+#: sssd.conf.5.xml:1534
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2027,18 +2309,18 @@ msgstr ""
"commande n'est pas pris en compte."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1540
msgid "Default: None, no command is run"
msgstr "Par défaut : None, aucune commande lancée"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1550 sssd-ldap.5.xml:2145 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:563 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr "EXEMPLE"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1319
+#: sssd.conf.5.xml:1556
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2092,7 +2374,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1552
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2105,7 +2387,7 @@ msgstr ""
"\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1587
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -2341,16 +2623,28 @@ msgstr "ldap_schema (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:161
+#, fuzzy
+#| msgid ""
+#| "Specifies the Schema Type in use on the target LDAP server. Depending on "
+#| "the selected schema, the default attribute names retrieved from the "
+#| "servers may vary. The way that some attributes are handled may also "
+#| "differ. Three schema types are currently supported: rfc2307 rfc2307bis "
+#| "IPA The main difference between these schema types is how group "
+#| "memberships are recorded in the server. With rfc2307, group members are "
+#| "listed by name in the <emphasis>memberUid</emphasis> attribute. With "
+#| "rfc2307bis and IPA, group members are listed by DN and stored in the "
+#| "<emphasis>member</emphasis> attribute."
msgid ""
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
-"may vary. The way that some attributes are handled may also differ. Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
+"may vary. The way that some attributes are handled may also differ. Four "
+"schema types are currently supported: rfc2307 rfc2307bis IPA AD The main "
"difference between these schema types is how group memberships are recorded "
"in the server. With rfc2307, group members are listed by name in the "
"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
+"attribute. The AD schema type sets the attributes to correspond with Active "
+"Directory 2008r2 values."
msgstr ""
"Spécifie le schéma type à utiliser pour le serveur LDAP cible. Selon le "
"schéma choisi, l'attribut nom par défaut recherché sur les serveurs peut "
@@ -2363,58 +2657,58 @@ msgstr ""
"l'attribut <emphasis>membre</emphasis>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
+#: sssd-ldap.5.xml:183
msgid "Default: rfc2307"
msgstr "Par défaut : rfc2307"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
+#: sssd-ldap.5.xml:189
msgid "ldap_default_bind_dn (string)"
msgstr "ldap_default_bind_dn (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
+#: sssd-ldap.5.xml:192
msgid "The default bind DN to use for performing LDAP operations."
msgstr ""
"La liaison DN par défaut à utiliser pour effectuer les opérations LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
+#: sssd-ldap.5.xml:199
msgid "ldap_default_authtok_type (string)"
msgstr "ldap_default_authtok_type (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
+#: sssd-ldap.5.xml:202
msgid "The type of the authentication token of the default bind DN."
msgstr "Le type de jeton d'authentification pour le lien DN par défaut."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
+#: sssd-ldap.5.xml:206
msgid "The two mechanisms currently supported are:"
msgstr "Les deux mécanismes actuellement pris en charge sont :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
+#: sssd-ldap.5.xml:209
msgid "password"
msgstr "password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
+#: sssd-ldap.5.xml:212
msgid "obfuscated_password"
msgstr "obfuscated_password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
+#: sssd-ldap.5.xml:215
msgid "Default: password"
msgstr "Par défaut : password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
+#: sssd-ldap.5.xml:221
msgid "ldap_default_authtok (string)"
msgstr "ldap_default_authtok (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
+#: sssd-ldap.5.xml:224
msgid ""
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
@@ -2423,137 +2717,160 @@ msgstr ""
"de passe en clair sont actuellement pris en charge."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
+#: sssd-ldap.5.xml:231
msgid "ldap_user_object_class (string)"
msgstr "ldap_user_object_class (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
+#: sssd-ldap.5.xml:234
msgid "The object class of a user entry in LDAP."
msgstr "La classe objet d'une entrée utilisateur dans LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
+#: sssd-ldap.5.xml:237
msgid "Default: posixAccount"
msgstr "Par défaut: posixAccount"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
+#: sssd-ldap.5.xml:243
msgid "ldap_user_name (string)"
msgstr "ldap_user_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
+#: sssd-ldap.5.xml:246
msgid "The LDAP attribute that corresponds to the user's login name."
msgstr "l'attribut LDAP correspondant au nom de connexion utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
+#: sssd-ldap.5.xml:250
msgid "Default: uid"
msgstr "Par défaut : uid"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
+#: sssd-ldap.5.xml:256
msgid "ldap_user_uid_number (string)"
msgstr "ldap_user_uid_number (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
+#: sssd-ldap.5.xml:259
msgid "The LDAP attribute that corresponds to the user's id."
msgstr "L'attribut LDAP correspondant à l'id utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
+#: sssd-ldap.5.xml:263
msgid "Default: uidNumber"
msgstr "par défaut : uidNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
+#: sssd-ldap.5.xml:269
msgid "ldap_user_gid_number (string)"
msgstr "ldap_user_gid_number (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
+#: sssd-ldap.5.xml:272
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
"L'attribut LDAP correspondant à l'utilisateur ayant l'id du groupe primaire."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
+#: sssd-ldap.5.xml:276 sssd-ldap.5.xml:758
msgid "Default: gidNumber"
msgstr "Par défaut : gidNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
+#: sssd-ldap.5.xml:282
msgid "ldap_user_gecos (string)"
msgstr "ldap_user_gecos (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
+#: sssd-ldap.5.xml:285
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr "L'attribut LDAP correspondant au champ gecos de l'utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
+#: sssd-ldap.5.xml:289
msgid "Default: gecos"
msgstr "Par défaut : gecos"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
+#: sssd-ldap.5.xml:295
msgid "ldap_user_home_directory (string)"
msgstr "ldap_user_home_directory (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
+#: sssd-ldap.5.xml:298
msgid "The LDAP attribute that contains the name of the user's home directory."
msgstr ""
"L'attribut LDAP qui contient le nom du répertoire personnel de l'utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
+#: sssd-ldap.5.xml:302
msgid "Default: homeDirectory"
msgstr "Par défaut : Répertoire_personnel"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
+#: sssd-ldap.5.xml:308
msgid "ldap_user_shell (string)"
msgstr "ldap_user_shell (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
+#: sssd-ldap.5.xml:311
msgid "The LDAP attribute that contains the path to the user's default shell."
msgstr ""
"L'attribut LDAP qui contient le chemin vers l'interpréteur de commandes de "
"l'utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
+#: sssd-ldap.5.xml:315
msgid "Default: loginShell"
msgstr "Par défaut : loginShell"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
+#: sssd-ldap.5.xml:321
msgid "ldap_user_uuid (string)"
msgstr "ldap_user_uuid (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
+#: sssd-ldap.5.xml:324
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
"L'attribut LDAP qui contient les UUID/GUID d'un objet utilisateur LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
+#: sssd-ldap.5.xml:328 sssd-ldap.5.xml:784 sssd-ldap.5.xml:911
msgid "Default: nsUniqueId"
msgstr "Par défaut : nsUniqueId"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
+#: sssd-ldap.5.xml:334
+#, fuzzy
+#| msgid "ldap_user_object_class (string)"
+msgid "ldap_user_objectsid (string)"
+msgstr "ldap_user_object_class (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:337
+#, fuzzy
+#| msgid ""
+#| "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP user object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+"L'attribut LDAP qui contient les UUID/GUID d'un objet utilisateur LDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:342 sssd-ldap.5.xml:798
+msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:349
msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
+#: sssd-ldap.5.xml:352 sssd-ldap.5.xml:808 sssd-ldap.5.xml:920
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
@@ -2562,17 +2879,17 @@ msgstr ""
"l'objet parent."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
+#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:812 sssd-ldap.5.xml:927
msgid "Default: modifyTimestamp"
msgstr "Par défaut : modifyTimestamp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
+#: sssd-ldap.5.xml:362
msgid "ldap_user_shadow_last_change (string)"
msgstr "ldap_user_shadow_last_change (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
+#: sssd-ldap.5.xml:365
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2585,17 +2902,17 @@ msgstr ""
"du dernier mot de passe)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
+#: sssd-ldap.5.xml:375
msgid "Default: shadowLastChange"
msgstr "Par défaut : shadowLastChange"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
+#: sssd-ldap.5.xml:381
msgid "ldap_user_shadow_min (string)"
msgstr "ldap_user_shadow_min (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
+#: sssd-ldap.5.xml:384
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2608,17 +2925,17 @@ msgstr ""
"minimum du mot de passe)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
+#: sssd-ldap.5.xml:393
msgid "Default: shadowMin"
msgstr "Par défaut : shadowMin"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
+#: sssd-ldap.5.xml:399
msgid "ldap_user_shadow_max (string)"
msgstr "ldap_user_shadow_max (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
+#: sssd-ldap.5.xml:402
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2631,17 +2948,17 @@ msgstr ""
"de passe)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
+#: sssd-ldap.5.xml:411
msgid "Default: shadowMax"
msgstr "Par défaut : shadowMax"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
+#: sssd-ldap.5.xml:417
msgid "ldap_user_shadow_warning (string)"
msgstr "ldap_user_shadow_warning (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
+#: sssd-ldap.5.xml:420
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2654,17 +2971,17 @@ msgstr ""
"d'avertissement du mot de passe)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
+#: sssd-ldap.5.xml:430
msgid "Default: shadowWarning"
msgstr "Par défaut : shadowWarning"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
+#: sssd-ldap.5.xml:436
msgid "ldap_user_shadow_inactive (string)"
msgstr "ldap_user_shadow_inactive (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
+#: sssd-ldap.5.xml:439
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2677,17 +2994,17 @@ msgstr ""
"d'inactivité du mot de passe)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
+#: sssd-ldap.5.xml:449
msgid "Default: shadowInactive"
msgstr "Par défaut : shadowInactive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
+#: sssd-ldap.5.xml:455
msgid "ldap_user_shadow_expire (string)"
msgstr "ldap_user_shadow_expire (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
+#: sssd-ldap.5.xml:458
msgid ""
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
"parameter contains the name of an LDAP attribute corresponding to its "
@@ -2700,17 +3017,17 @@ msgstr ""
"citerefentry> (date d'expiration du compte)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
+#: sssd-ldap.5.xml:468
msgid "Default: shadowExpire"
msgstr "Par défaut : shadowExpire"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
+#: sssd-ldap.5.xml:474
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr "ldap_user_krb_last_pwd_change (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
+#: sssd-ldap.5.xml:477
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
@@ -2721,17 +3038,17 @@ msgstr ""
"passe dans kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
+#: sssd-ldap.5.xml:483
msgid "Default: krbLastPwdChange"
msgstr "Par défaut : krbLastPwdChange"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
+#: sssd-ldap.5.xml:489
msgid "ldap_user_krb_password_expiration (string)"
msgstr "ldap_user_krb_password_expiration (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
+#: sssd-ldap.5.xml:492
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
@@ -2741,17 +3058,17 @@ msgstr ""
"actuel."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
+#: sssd-ldap.5.xml:498
msgid "Default: krbPasswordExpiration"
msgstr "Par défaut : krbPasswordExpiration"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
+#: sssd-ldap.5.xml:504
msgid "ldap_user_ad_account_expires (string)"
msgstr "ldap_user_ad_account_expires (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
+#: sssd-ldap.5.xml:507
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
@@ -2760,17 +3077,17 @@ msgstr ""
"d'un attribut LDAP stockant la date d'expiration du compte."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
+#: sssd-ldap.5.xml:512
msgid "Default: accountExpires"
msgstr "Par défaut : accountExpires"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
+#: sssd-ldap.5.xml:518
msgid "ldap_user_ad_user_account_control (string)"
msgstr "ldap_user_ad_user_account_control (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
+#: sssd-ldap.5.xml:521
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
@@ -2779,17 +3096,17 @@ msgstr ""
"d'un attribut LDAP stockant le champ de contrôle du compte utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
+#: sssd-ldap.5.xml:526
msgid "Default: userAccountControl"
msgstr "Par défaut : userAccountControl"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
+#: sssd-ldap.5.xml:532
msgid "ldap_ns_account_lock (string)"
msgstr "ldap_ns_account_lock (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
+#: sssd-ldap.5.xml:535
msgid ""
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
@@ -2798,17 +3115,17 @@ msgstr ""
"détermine si l'accès est autorisé ou non."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
+#: sssd-ldap.5.xml:540
msgid "Default: nsAccountLock"
msgstr "Par défaut : nsAccountLock"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
+#: sssd-ldap.5.xml:546
msgid "ldap_user_nds_login_disabled (string)"
msgstr "ldap_user_nds_login_disabled (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
+#: sssd-ldap.5.xml:549
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines if "
"access is allowed or not."
@@ -2817,17 +3134,17 @@ msgstr ""
"l'accès est autorisé ou non."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
+#: sssd-ldap.5.xml:553 sssd-ldap.5.xml:567
msgid "Default: loginDisabled"
msgstr "Par défaut : loginDisabled"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
+#: sssd-ldap.5.xml:559
msgid "ldap_user_nds_login_expiration_time (string)"
msgstr "ldap_user_nds_login_expiration_time (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
+#: sssd-ldap.5.xml:562
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines until "
"which date access is granted."
@@ -2836,12 +3153,12 @@ msgstr ""
"quand l'accès est autorisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
+#: sssd-ldap.5.xml:573
msgid "ldap_user_nds_login_allowed_time_map (string)"
msgstr "ldap_user_nds_login_allowed_time_map (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
+#: sssd-ldap.5.xml:576
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines the "
"hours of a day in a week when access is granted."
@@ -2850,17 +3167,17 @@ msgstr ""
"heures de la semaine auxquelles l'accès est autorisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
+#: sssd-ldap.5.xml:581
msgid "Default: loginAllowedTimeMap"
msgstr "Par défaut : loginAllowedTimeMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
+#: sssd-ldap.5.xml:587
msgid "ldap_user_principal (string)"
msgstr "ldap_user_principal (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
+#: sssd-ldap.5.xml:590
msgid ""
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"(UPN)."
@@ -2869,27 +3186,27 @@ msgstr ""
"de l'utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
+#: sssd-ldap.5.xml:594
msgid "Default: krbPrincipalName"
msgstr "Par défaut : krbPrincipalName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
+#: sssd-ldap.5.xml:600
msgid "ldap_user_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
+#: sssd-ldap.5.xml:603
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
+#: sssd-ldap.5.xml:610
msgid "ldap_force_upper_case_realm (boolean)"
msgstr "ldap_force_upper_case_realm (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
+#: sssd-ldap.5.xml:613
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -2902,29 +3219,29 @@ msgstr ""
"utiliseur une version en majuscule."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
+#: sssd-ldap.5.xml:626
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr "ldap_enumeration_refresh_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
+#: sssd-ldap.5.xml:629
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:634 sssd-ldap.5.xml:1887
msgid "Default: 300"
msgstr "Par défaut : 300"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
+#: sssd-ldap.5.xml:640
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
+#: sssd-ldap.5.xml:643
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -2935,55 +3252,55 @@ msgstr ""
"connectés) et les supprimer pour sauvegarder de l'espace."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
+#: sssd-ldap.5.xml:649
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
"Mettre cette option à zéro désactive l'opération de nettoyage du cache."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
+#: sssd-ldap.5.xml:653
msgid "Default: 10800 (12 hours)"
msgstr "Par défaut : 1800 (12 heures)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
+#: sssd-ldap.5.xml:659
msgid "ldap_user_fullname (string)"
msgstr "ldap_user_fullname (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
+#: sssd-ldap.5.xml:662
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "L'attribut LDAP qui correspond au nom complet de l'utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
+#: sssd-ldap.5.xml:666 sssd-ldap.5.xml:745 sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:952 sssd-ldap.5.xml:1742 sssd-ldap.5.xml:1960
+#: sssd-ipa.5.xml:441
msgid "Default: cn"
msgstr "Par défaut : cn"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
+#: sssd-ldap.5.xml:672
msgid "ldap_user_member_of (string)"
msgstr "ldap_user_member_of (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
+#: sssd-ldap.5.xml:675
msgid "The LDAP attribute that lists the user's group memberships."
msgstr "L'attribut LDAP qui liste l'appartenance au groupe de l'utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
+#: sssd-ldap.5.xml:679 sssd-ipa.5.xml:345
msgid "Default: memberOf"
msgstr "Par défaut : memberOf"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
+#: sssd-ldap.5.xml:685
msgid "ldap_user_authorized_service (string)"
msgstr "ldap_user_authorized_service (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
+#: sssd-ldap.5.xml:688
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -2994,7 +3311,7 @@ msgstr ""
"l'utilisateur pour déterminer les autorisations d'accès."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
+#: sssd-ldap.5.xml:695
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
@@ -3003,17 +3320,17 @@ msgstr ""
"autorisation explicite (svc) et enfin toutes les autorisations (*)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:700
msgid "Default: authorizedService"
msgstr "Par défaut : authorizedService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
+#: sssd-ldap.5.xml:706
msgid "ldap_user_authorized_host (string)"
msgstr "ldap_user_authorized_host (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
+#: sssd-ldap.5.xml:709
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -3024,7 +3341,7 @@ msgstr ""
"déterminer les autorisations d'accès."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
+#: sssd-ldap.5.xml:715
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
@@ -3033,82 +3350,99 @@ msgstr ""
"autorisations explicites (host) et enfin toutes les autorisations (*)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
+#: sssd-ldap.5.xml:720
msgid "Default: host"
msgstr "Par défaut : host"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:726
msgid "ldap_group_object_class (string)"
msgstr "ldap_group_object_class (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
+#: sssd-ldap.5.xml:729
msgid "The object class of a group entry in LDAP."
msgstr "La classe objet d'une entrée de groupe dans LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
+#: sssd-ldap.5.xml:732
msgid "Default: posixGroup"
msgstr "Par défaut : posixGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:738
msgid "ldap_group_name (string)"
msgstr "ldap_group_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
+#: sssd-ldap.5.xml:741
msgid "The LDAP attribute that corresponds to the group name."
msgstr "L'attribut LDAP qui correspond au nom du groupe."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:751
msgid "ldap_group_gid_number (string)"
msgstr "ldap_group_gid_number (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:754
msgid "The LDAP attribute that corresponds to the group's id."
msgstr "L'attribut LDAP qui correspond à l'identifiant de groupe."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
+#: sssd-ldap.5.xml:764
msgid "ldap_group_member (string)"
msgstr "ldap_group_member (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
+#: sssd-ldap.5.xml:767
msgid "The LDAP attribute that contains the names of the group's members."
msgstr "L'attribut LDAP qui contient les noms des membres de groupe."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
+#: sssd-ldap.5.xml:771
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr "Par défaut : uid de membre (rfc2307) / membre (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
+#: sssd-ldap.5.xml:777
msgid "ldap_group_uuid (string)"
msgstr "ldap_group_uuid (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:780
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr "L'attribut LDAP qui contient les UUID/GUID d'un groupe objet LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:790
+#, fuzzy
+#| msgid "ldap_group_object_class (string)"
+msgid "ldap_group_objectsid (string)"
+msgstr "ldap_group_object_class (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:793
+#, fuzzy
+#| msgid ""
+#| "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP group object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr "L'attribut LDAP qui contient les UUID/GUID d'un groupe objet LDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:805
msgid "ldap_group_modify_timestamp (string)"
msgstr "ldap_group_modify_timestamp (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:818
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:821
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -3119,72 +3453,72 @@ msgstr ""
"suivre. Cette option n'a pas d'effet sur le schéma RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
+#: sssd-ldap.5.xml:828
msgid "Default: 2"
msgstr "Par défaut : 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:834
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
+#: sssd-ldap.5.xml:837
msgid "The object class of a netgroup entry in LDAP."
msgstr "La classe d'objet d'une entrée de groupe réseau dans LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
+#: sssd-ldap.5.xml:840
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:844
msgid "Default: nisNetgroup"
msgstr "Par défaut : nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
+#: sssd-ldap.5.xml:850
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
+#: sssd-ldap.5.xml:853
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "L'attribut LDAP qui correspond au nom du groupe réseau."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:857
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
+#: sssd-ldap.5.xml:867
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
+#: sssd-ldap.5.xml:870
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr "L'attribut LDAP qui contient les noms des membres de groupe réseau."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
+#: sssd-ldap.5.xml:874
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:878
msgid "Default: memberNisNetgroup"
msgstr "Par défaut : memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:884
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:887
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
@@ -3192,128 +3526,128 @@ msgstr ""
"groupe réseau."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
+#: sssd-ldap.5.xml:891 sssd-ldap.5.xml:924
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:894
msgid "Default: nisNetgroupTriple"
msgstr "Par défaut : nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
+#: sssd-ldap.5.xml:900
msgid "ldap_netgroup_uuid (string)"
msgstr "ldap_netgroup_uuid (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
+#: sssd-ldap.5.xml:903
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
"L'attribut LDAP qui contient les UUID/GUID d'un objet LDAP de groupe réseau."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
+#: sssd-ldap.5.xml:907
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
+#: sssd-ldap.5.xml:917
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:933
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:936
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:939
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:945
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:948
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
+#: sssd-ldap.5.xml:958
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
+#: sssd-ldap.5.xml:961
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
+#: sssd-ldap.5.xml:965
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
+#: sssd-ldap.5.xml:971
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:974
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
+#: sssd-ldap.5.xml:978
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
+#: sssd-ldap.5.xml:984
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:987
msgid "An optional base DN to restrict service searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
+#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1997 sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2035 sssd-ldap.5.xml:2098 sssd-ldap.5.xml:2120
+#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 sssd-ipa.5.xml:206
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
+#: sssd-ldap.5.xml:996 sssd-ldap.5.xml:2002 sssd-ldap.5.xml:2021
+#: sssd-ldap.5.xml:2040 sssd-ldap.5.xml:2103 sssd-ldap.5.xml:2125
#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr "Par défaut : la valeur de <emphasis>ldap_search_base</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
+#: sssd-ldap.5.xml:1003
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1006
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -3324,7 +3658,7 @@ msgstr ""
"cache (et le mode hors ligne est activé)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
+#: sssd-ldap.5.xml:1012
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -3335,17 +3669,17 @@ msgstr ""
"différentes recherches."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
+#: sssd-ldap.5.xml:1018 sssd-ldap.5.xml:1060 sssd-ldap.5.xml:1075
msgid "Default: 6"
msgstr "Par défaut : 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1024
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1027
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -3355,18 +3689,13 @@ msgstr ""
"sur les utilisateurs et groupes avant qu'elles se terminent et que les "
"résultats mis en cache soient retournés (et le mode hors ligne est activé)"
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr "Par défaut : 60"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1040
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1043
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -3383,12 +3712,12 @@ msgstr ""
"inactif."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
+#: sssd-ldap.5.xml:1066
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
+#: sssd-ldap.5.xml:1069
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3399,12 +3728,12 @@ msgstr ""
"contrôler le délai de communication avec le KDC dans le cas d'un appel SASL."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1081
msgid "ldap_connection_expire_timeout (integer)"
msgstr "ldap_connection_expire_timeout (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1084
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -3413,17 +3742,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
+#: sssd-ldap.5.xml:1092
msgid "Default: 900 (15 minutes)"
msgstr "Par défaut : 900 (15 minutes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1098
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
+#: sssd-ldap.5.xml:1101
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
@@ -3433,17 +3762,17 @@ msgstr ""
"requête."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1106
msgid "Default: 1000"
msgstr "Par défaut : 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
+#: sssd-ldap.5.xml:1112
+msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1115
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -3451,27 +3780,50 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
+#: sssd-ldap.5.xml:1121
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1127
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
"requests being denied."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133 include/ldap_id_mapping.xml:184
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1139
+msgid "ldap_sasl_minssf (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1142
+msgid ""
+"When communicating with an LDAP server using SASL, specify the minimum "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1148
+msgid "Default: Use the system default (usually specified by ldap.conf)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1155
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_deref_threshold (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1158
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3483,13 +3835,13 @@ msgstr ""
"individuellement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1164
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1168
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3502,7 +3854,7 @@ msgstr ""
"acceptés sont 389/RHDS, OpenLDAP et Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
+#: sssd-ldap.5.xml:1176
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3510,12 +3862,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1189
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
+#: sssd-ldap.5.xml:1192
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -3524,7 +3876,7 @@ msgstr ""
"session TLS, si elle existe. Une des valeurs suivantes est utilisable :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1198
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -3533,7 +3885,7 @@ msgstr ""
"quelconque certificat du serveur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
+#: sssd-ldap.5.xml:1202
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3544,7 +3896,7 @@ msgstr ""
"certificat est fournit, il est ignoré et la session continue normalement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1209
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3555,7 +3907,7 @@ msgstr ""
"certificat est fournit, la session se termine immédiatement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1215
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3566,22 +3918,22 @@ msgstr ""
"immédiatement."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1221
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> : identique à <quote>demand</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1225
msgid "Default: hard"
msgstr "Par défaut : hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
+#: sssd-ldap.5.xml:1231
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
+#: sssd-ldap.5.xml:1234
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -3590,7 +3942,7 @@ msgstr ""
"certificats que <command>sssd</command> reconnaîtra."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
+#: sssd-ldap.5.xml:1239 sssd-ldap.5.xml:1257 sssd-ldap.5.xml:1298
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -3599,12 +3951,12 @@ msgstr ""
"<filename>/etc/openldap/ldap.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1246
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1249
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3618,38 +3970,39 @@ msgstr ""
"corrects."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1264
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1267
msgid "Specifies the file that contains the certificate for the client's key."
msgstr "Définit le fichier qui contient le certificat pour la clef client."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1271 sssd-ldap.5.xml:1283 sssd-ldap.5.xml:1344
+#: sssd-ldap.5.xml:2058 sssd-ldap.5.xml:2085 sssd-krb5.5.xml:359
+#: include/ldap_id_mapping.xml:145 include/ldap_id_mapping.xml:156
msgid "Default: not set"
msgstr "Par défaut : non défini"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1277
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1280
msgid "Specifies the file that contains the client's key."
msgstr "Définit le fichier qui contient la clef client."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
+#: sssd-ldap.5.xml:1289
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
+#: sssd-ldap.5.xml:1292
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3660,12 +4013,12 @@ msgstr ""
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> pour le format."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1305
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1308
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -3674,12 +4027,32 @@ msgstr ""
"<systemitem class=\"protocol\">tls</systemitem> pour protéger le canal."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1318
+#, fuzzy
+#| msgid "ldap_id_use_start_tls (boolean)"
+msgid "ldap_id_mapping (boolean)"
+msgstr "ldap_id_use_start_tls (booléen)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1321
+msgid ""
+"Specifies that SSSD should attempt to map user and group IDs from the "
+"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
+"on ldap_user_uid_number and ldap_group_gid_number."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1327
+msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1337
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1340
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -3687,18 +4060,13 @@ msgstr ""
"Définit le mécanisme SASL à utiliser. Actuellement, seul GSSAPI est testé et "
"pris en charge."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr "Par défaut : aucun"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1350
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
+#: sssd-ldap.5.xml:1353
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
@@ -3708,51 +4076,51 @@ msgstr ""
"dossier."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
+#: sssd-ldap.5.xml:1358
msgid "Default: host/machine.fqdn@REALM"
msgstr "Par défaut : hôte/machine.fqdn@DOMAINE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1364
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
+#: sssd-ldap.5.xml:1367
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
+#: sssd-ldap.5.xml:1372
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1378
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
+#: sssd-ldap.5.xml:1381
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr "Définit le fichier keytab à utiliser pour utiliser SASL/GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1384
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"Par défaut : le fichier keytab du système, normalement <filename>/etc/krb5."
"keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
+#: sssd-ldap.5.xml:1390
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
+#: sssd-ldap.5.xml:1393
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3763,27 +4131,27 @@ msgstr ""
"que le mécanisme choisit est GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1405
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1408
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "Définit la durée de vie, en secondes, des TGT si GSSAPI est utilisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
+#: sssd-ldap.5.xml:1412
msgid "Default: 86400 (24 hours)"
msgstr "Par défaut : 86400 (24 heures)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1418 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr "krb5_server (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1421 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -3795,7 +4163,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1433 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -3806,7 +4174,7 @@ msgstr ""
"passe sur _tcp si aucune entrée n'est trouvée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1438 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -3818,40 +4186,40 @@ msgstr ""
"l'utilisation de <quote>krb5_server</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1447 sssd-ipa.5.xml:235 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1450
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr "Définit le DOMAINE de Kerberos (pour l'authentification SASL/GSSAPI)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
+#: sssd-ldap.5.xml:1453
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
"Par défaut : système par défaut, voir <filename>/etc/krb5.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1459 sssd-ipa.5.xml:250 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1462
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
+#: sssd-ldap.5.xml:1474
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
+#: sssd-ldap.5.xml:1477
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -3860,7 +4228,7 @@ msgstr ""
"valeurs suivantes sont acceptées :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1482
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -3869,7 +4237,7 @@ msgstr ""
"peut pas désactiver la politique sur les mots de passe du côté serveur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
+#: sssd-ldap.5.xml:1487
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -3877,7 +4245,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
+#: sssd-ldap.5.xml:1493
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -3888,17 +4256,17 @@ msgstr ""
"chpass_provider=krb5 ces attributs lorsque le mot de passe est changé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1505
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1508
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr "Définit si le référencement automatique doit être activé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
+#: sssd-ldap.5.xml:1512
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
@@ -3906,30 +4274,39 @@ msgstr ""
"Veuillez noter que sssd ne supporte que le référencement quand il est "
"compilé avec OpenLDAP version 2.4.13 ou supérieur."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1517
+msgid ""
+"Chasing referrals may incur a performance penalty in environments that use "
+"them heavily, a notable example is Microsoft Active Directory. If your setup "
+"does not in fact require the use of referrals, setting this option to false "
+"might bring a noticeable performance improvement."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1531
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1534
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"Définit le nom de service à utiliser quand la découverte de services est "
"activée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1538
msgid "Default: ldap"
msgstr "Par défaut : ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1544
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
+#: sssd-ldap.5.xml:1547
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
@@ -3938,39 +4315,34 @@ msgstr ""
"un changement de mot de passe quand la découverte de services est activée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1552
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
"Par défaut : non défini, c'est-à-dire que le service de découverte est "
"désactivé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
+#: sssd-ldap.5.xml:1558
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1561
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
+"it will result in all users being denied access. Use access_provider = "
+"permit to change this default behavior."
msgstr ""
-"Si access_provider = ldap, cette option est obligatoire. Elle spécifie un "
-"critère de filtre LDAP requit par l'utilisateur pour avoir un accès sur cet "
-"hôte. Si access_provider = ldap et que cette option n'est pas définie, tous "
-"les utilisateurs seront refusés. Utilisez access_provider = allow pour "
-"changer ce comportement par défaut."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:1571 sssd-ldap.5.xml:2061
msgid "Example:"
msgstr "Exemple:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
+#: sssd-ldap.5.xml:1574
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3982,7 +4354,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1578
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
@@ -3991,7 +4363,7 @@ msgstr ""
"utilisateurs_autorisés » dans LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
+#: sssd-ldap.5.xml:1583
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4003,17 +4375,17 @@ msgstr ""
"l'accès sera conservé en mode hors-ligne et vice-versa."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1591 sssd-ldap.5.xml:1641
msgid "Default: Empty"
msgstr "Par défaut : vide"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1597
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1600
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
@@ -4022,7 +4394,7 @@ msgstr ""
"être activée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1604
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4034,12 +4406,12 @@ msgstr ""
"correct."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1611
msgid "The following values are allowed:"
msgstr "Les valeurs suivantes sont autorisées :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1614
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
@@ -4048,7 +4420,7 @@ msgstr ""
"ldap_user_shadow_expire pour déterminer si le compte a expiré."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1619
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4061,7 +4433,7 @@ msgstr ""
"période d'expiration du compte est aussi vérifiée."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1626
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4072,7 +4444,7 @@ msgstr ""
"l'accès est autorisé ou non."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
+#: sssd-ldap.5.xml:1632
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4085,29 +4457,29 @@ msgstr ""
"est autorisé. Si les deux attributs sont manquants l'accès est autorisé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
+#: sssd-ldap.5.xml:1647
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
+#: sssd-ldap.5.xml:1650
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"Liste des options de contrôles d'accès, séparées par des virgules. Valeurs "
"autorisées :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1654
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filter</emphasis> : utilise ldap_access_filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1657
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr "<emphasis>expire</emphasis>: utilise ldap_account_expire_policy"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1661
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -4116,18 +4488,18 @@ msgstr ""
"de service pour déterminer l'accès"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
+#: sssd-ldap.5.xml:1666
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
"<emphasis>host</emphasis> : utilise l'attribut d'hôte pour déterminer l'accès"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1670
msgid "Default: filter"
msgstr "Par défaut : filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1673
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
@@ -4136,12 +4508,12 @@ msgstr ""
"de configuration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1680
msgid "ldap_deref (string)"
msgstr "ldap_deref (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
+#: sssd-ldap.5.xml:1683
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
@@ -4150,12 +4522,12 @@ msgstr ""
"recherche. Les options suivantes sont autorisées :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1688
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr "<emphasis>never</emphasis> : les alias ne sont jamais déréférencés."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1692
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -4165,7 +4537,7 @@ msgstr ""
"la recherche lui-même."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1697
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -4174,7 +4546,7 @@ msgstr ""
"la localisation de l'objet de base de la recherche."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1702
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -4183,7 +4555,7 @@ msgstr ""
"recherche et en localisant l'objet de base de la recherche."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1707
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -4207,212 +4579,212 @@ msgstr ""
"détails. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1718
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1723
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
+#: sssd-ldap.5.xml:1726
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1729
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1735
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1738
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1748
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1751
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
+#: sssd-ldap.5.xml:1755
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
+#: sssd-ldap.5.xml:1761
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
+#: sssd-ldap.5.xml:1764
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
+#: sssd-ldap.5.xml:1769
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1775
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
+#: sssd-ldap.5.xml:1778
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
+#: sssd-ldap.5.xml:1782
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1788
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
+#: sssd-ldap.5.xml:1791
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
+#: sssd-ldap.5.xml:1795
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
+#: sssd-ldap.5.xml:1801
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1804
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
+#: sssd-ldap.5.xml:1808
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
+#: sssd-ldap.5.xml:1814
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
+#: sssd-ldap.5.xml:1817
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
+#: sssd-ldap.5.xml:1821
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
+#: sssd-ldap.5.xml:1827
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
+#: sssd-ldap.5.xml:1830
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1834
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
+#: sssd-ldap.5.xml:1840
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
+#: sssd-ldap.5.xml:1843
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1848
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1854
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1857
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
+#: sssd-ldap.5.xml:1861
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1867
msgid "ldap_sudo_refresh_enabled (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1870
msgid ""
"Enables periodical download of all sudo rules. The cache is purged before "
"each update."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1880
msgid "ldap_sudo_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
+#: sssd-ldap.5.xml:1883
msgid ""
"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1721
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1894
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -4421,76 +4793,76 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1904
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
+#: sssd-ldap.5.xml:1906
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1913
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1916 sssd-ldap.5.xml:1942
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1919 sssd-ldap.5.xml:1946
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
+#: sssd-ldap.5.xml:1926
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
+#: sssd-ldap.5.xml:1929
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
+#: sssd-ldap.5.xml:1932
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1939
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1953
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
+#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:1970
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1967
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1974
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1911
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -4499,17 +4871,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
+#: sssd-ldap.5.xml:1983
msgid "ADVANCED OPTIONS"
msgstr "OPTIONS AVANCÉES"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
+#: sssd-ldap.5.xml:1990
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
+#: sssd-ldap.5.xml:1993
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
@@ -4517,36 +4889,36 @@ msgstr ""
"un sous-domaine spécifique."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:2009
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
+#: sssd-ldap.5.xml:2012
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
"Une base DN optionnelle pour restreindre les recherches utilisateur à un "
"sous-domaine spécifique."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
+#: sssd-ldap.5.xml:2028
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:2031
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
"Une base DN optionnelle pour restreindre les recherches de groupe à un sous-"
"domaine spécifique."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:2047
msgid "ldap_user_search_filter (string)"
msgstr "ldap_user_search_filter (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
+#: sssd-ldap.5.xml:2050
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
@@ -4555,14 +4927,14 @@ msgstr ""
"restreint les recherches utilisateur."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
+#: sssd-ldap.5.xml:2054
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2064
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -4572,7 +4944,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
+#: sssd-ldap.5.xml:2067
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
@@ -4581,12 +4953,12 @@ msgstr ""
"qui ont leur interpréteur de commande définit sur /bin/tcsh."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2074
msgid "ldap_group_search_filter (string)"
msgstr "ldap_group_search_filter (chaînes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
+#: sssd-ldap.5.xml:2077
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
@@ -4595,36 +4967,36 @@ msgstr ""
"restreint les recherches de groupe."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2081
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2091
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2094
msgid ""
"An optional base DN to restrict sudo rules searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
+#: sssd-ldap.5.xml:2113
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
+#: sssd-ldap.5.xml:2116
msgid ""
"An optional base DN to restrict automounter searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1985
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4636,7 +5008,7 @@ msgstr ""
"\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2147
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4646,7 +5018,7 @@ msgstr ""
"sur un des domaines de la section <replaceable>[domains]</replaceable>."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
+#: sssd-ldap.5.xml:2153
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4667,19 +5039,19 @@ msgstr ""
" cache_credentials = true\n"
" enumerate = true\n"
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
+#. type: Content of: <refsect1><refsect2><para>
+#: sssd-ldap.5.xml:2152 sssd-simple.5.xml:134 sssd-ipa.5.xml:571
+#: sssd-krb5.5.xml:441 include/ldap_id_mapping.xml:63
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:2166 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr "NOTES"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
+#: sssd-ldap.5.xml:2168
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4692,7 +5064,7 @@ msgstr ""
"OpenLDAP 2.4."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
+#: sssd-ldap.5.xml:2179
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -5323,19 +5695,38 @@ msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:199
+#, fuzzy
+#| msgid "ipa_hbac_search_base (string)"
+msgid "ipa_subdomains_search_base (string)"
+msgstr "ipa_hbac_search_base (chaîne)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:202
+msgid "Optional. Use the given string as search base for trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+#, fuzzy
+#| msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
+msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgstr "Par défaut : la valeur de <emphasis>ldap_search_base</emphasis>"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:218 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:221 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr "Vérifie avec l'aide de krb5_keytab que le TGT obtenu n'est pas usurpé."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
+#: sssd-ipa.5.xml:228
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -5344,7 +5735,7 @@ msgstr ""
"original."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
+#: sssd-ipa.5.xml:238
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
@@ -5353,7 +5744,7 @@ msgstr ""
"<quote>ipa_domain</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:242
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
@@ -5362,7 +5753,7 @@ msgstr ""
"convertit en la base DN pour effectuer des opérations LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
+#: sssd-ipa.5.xml:253
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -5370,12 +5761,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
+#: sssd-ipa.5.xml:266
msgid "ipa_hbac_refresh (integer)"
msgstr "ipa_hbac_refresh (entier)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
+#: sssd-ipa.5.xml:269
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -5386,17 +5777,17 @@ msgstr ""
"requêtes de contrôle d'accès pendant une courte période."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
+#: sssd-ipa.5.xml:276
msgid "Default: 5 (seconds)"
msgstr "Par défaut : 5 (secondes)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
+#: sssd-ipa.5.xml:281
msgid "ipa_hbac_treat_deny_as (string)"
msgstr "ipa_hbac_treat_deny_as (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
+#: sssd-ipa.5.xml:284
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -5410,7 +5801,7 @@ msgstr ""
"client supportera deux modes opératoires pendant cette transition :"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
+#: sssd-ipa.5.xml:293
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
@@ -5419,7 +5810,7 @@ msgstr ""
"tous les utilisateurs ne pourront pas se connecter."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
+#: sssd-ipa.5.xml:298
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
@@ -5428,299 +5819,299 @@ msgstr ""
"Faites attention avec cette option, elle peut fournir des accès non-prévus."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
+#: sssd-ipa.5.xml:303
msgid "Default: DENY_ALL"
msgstr "Par défaut : DENY_ALL"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
+#: sssd-ipa.5.xml:308
msgid "ipa_hbac_support_srchost (boolean)"
msgstr "ipa_hbac_support_srchost (booléen)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:311
msgid ""
"If this is set to false, then srchost as given to SSSD by PAM will be "
"ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
+#: sssd-ipa.5.xml:315
msgid ""
"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
+#: sssd-ipa.5.xml:326
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
+#: sssd-ipa.5.xml:329
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
+#: sssd-ipa.5.xml:332
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:338
msgid "ipa_netgroup_member_of (string)"
msgstr "ipa_netgroup_member_of (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
+#: sssd-ipa.5.xml:341
msgid "The LDAP attribute that lists netgroup's memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
+#: sssd-ipa.5.xml:350
msgid "ipa_netgroup_member_user (string)"
msgstr "ipa_netgroup_member_user (chaîne)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
+#: sssd-ipa.5.xml:353
msgid ""
"The LDAP attribute that lists system users and groups that are direct "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:358 sssd-ipa.5.xml:453
msgid "Default: memberUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
+#: sssd-ipa.5.xml:363
msgid "ipa_netgroup_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:366
msgid ""
"The LDAP attribute that lists hosts and host groups that are direct members "
"of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:370 sssd-ipa.5.xml:465
msgid "Default: memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:375
msgid "ipa_netgroup_member_ext_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
+#: sssd-ipa.5.xml:378
msgid ""
"The LDAP attribute that lists FQDNs of hosts and host groups that are "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
+#: sssd-ipa.5.xml:382
msgid "Default: externalHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
+#: sssd-ipa.5.xml:387
msgid "ipa_netgroup_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:390
msgid "The LDAP attribute that contains NIS domain name of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
+#: sssd-ipa.5.xml:394
msgid "Default: nisDomainName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
+#: sssd-ipa.5.xml:400
msgid "ipa_host_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
+#: sssd-ipa.5.xml:403 sssd-ipa.5.xml:426
msgid "The object class of a host entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
+#: sssd-ipa.5.xml:406 sssd-ipa.5.xml:429
msgid "Default: ipaHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:411
msgid "ipa_host_fqdn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
+#: sssd-ipa.5.xml:414
msgid "The LDAP attribute that contains FQDN of the host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
+#: sssd-ipa.5.xml:417
msgid "Default: fqdn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
+#: sssd-ipa.5.xml:423
msgid "ipa_selinux_usermap_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
+#: sssd-ipa.5.xml:434
msgid "ipa_selinux_usermap_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:437
msgid "The LDAP attribute that contains the name of SELinux usermap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:446
msgid "ipa_selinux_usermap_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
+#: sssd-ipa.5.xml:449
msgid ""
"The LDAP attribute that contains all users / groups this rule match against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
+#: sssd-ipa.5.xml:458
msgid "ipa_selinux_usermap_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
+#: sssd-ipa.5.xml:461
msgid ""
"The LDAP attribute that contains all hosts / hostgroups this rule match "
"against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:470
msgid "ipa_selinux_usermap_see_also (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:473
msgid ""
"The LDAP attribute that contains DN of HBAC rule which can be used for "
"matching instead of memberUser and memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
+#: sssd-ipa.5.xml:478
msgid "Default: seeAlso"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
+#: sssd-ipa.5.xml:483
msgid "ipa_selinux_usermap_selinux_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:486
msgid "The LDAP attribute that contains SELinux user string itself."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:490
msgid "Default: ipaSELinuxUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
+#: sssd-ipa.5.xml:495
msgid "ipa_selinux_usermap_enabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
+#: sssd-ipa.5.xml:498
msgid ""
"The LDAP attribute that contains whether or not is user map enabled for "
"usage."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:502
msgid "Default: ipaEnabledFlag"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
+#: sssd-ipa.5.xml:507
msgid "ipa_selinux_usermap_user_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:510
msgid "The LDAP attribute that contains user category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
+#: sssd-ipa.5.xml:514
msgid "Default: userCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:519
msgid "ipa_selinux_usermap_host_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:522
msgid "The LDAP attribute that contains host category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
+#: sssd-ipa.5.xml:526
msgid "Default: hostCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:531
msgid "ipa_selinux_usermap_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
+#: sssd-ipa.5.xml:534
msgid "The LDAP attribute that contains unique ID of the user map."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
+#: sssd-ipa.5.xml:538
msgid "Default: ipaUniqueID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
+#: sssd-ipa.5.xml:543
msgid "ipa_host_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
+#: sssd-ipa.5.xml:546
msgid "The LDAP attribute that contains the host's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:550
msgid "Default: ipaSshPubKey"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:565
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -5731,7 +6122,7 @@ msgstr ""
"exemples montrent seulement les options spécifiques au fournisseur IPA."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:572
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -5745,7 +6136,7 @@ msgstr ""
" ipa_hostname = mon_hôte.exemple.com\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
+#: sssd-ipa.5.xml:583
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -5840,11 +6231,6 @@ msgstr ""
msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Par défaut : 0"
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:85
msgid "<option>-f</option>,<option>--debug-to-files</option>"
@@ -6325,7 +6711,7 @@ msgstr ""
"valeur par défaut du système est utilisée."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
+#: sss_useradd.8.xml:171
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6891,7 +7277,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
+#: sss_groupadd.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6988,7 +7374,7 @@ msgid "Before actually deleting the user, terminate all his processes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
+#: sss_userdel.8.xml:97
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -7039,7 +7425,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
+#: sss_groupdel.8.xml:50
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -7095,7 +7481,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
+#: sss_groupshow.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -7198,7 +7584,7 @@ msgid "The SELinux user for the user's login."
msgstr "L'utilisateur SELinux pour la connexion utilisateur."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
+#: sss_usermod.8.xml:142
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -7317,13 +7703,75 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:108
+#, fuzzy
+#| msgid ""
+#| "<option>-s</option>,<option>--shell</option> <replaceable>SHELL</"
+#| "replaceable>"
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-s</option>,<option>--service</option> <replaceable>service</"
"replaceable>"
msgstr ""
+"<option>-s</option>,<option>--shell</option> "
+"<replaceable>INTERPRÉTEUR_DE_COMMANDE</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:113
+msgid "Invalidate specific service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:119
+#, fuzzy
+#| msgid "<option>-f</option>,<option>--force</option>"
+msgid "<option>-S</option>,<option>--services</option>"
+msgstr "<option>-f</option>,<option>--force</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:123
+msgid ""
+"Invalidate all service records. This option overrides invalidation of "
+"specific service if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:130
+#, fuzzy
+#| msgid ""
+#| "<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
+msgid ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
+"replaceable>"
+msgstr ""
+"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:135
+msgid "Invalidate specific autofs maps."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:141
+#, fuzzy
+#| msgid "<option>-D</option>,<option>--daemon</option>"
+msgid "<option>-A</option>,<option>--autofs-maps</option>"
+msgstr "<option>-D</option>,<option>--daemon</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:145
+msgid ""
+"Invalidate all autofs maps. This option overrides invalidation of specific "
+"map if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:152
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:157
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -7548,7 +7996,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
msgid "Configuration"
msgstr "Configuration"
@@ -7664,6 +8112,253 @@ msgid ""
"offline mode, and then attempts to reconnect every 30 seconds."
msgstr ""
+#. type: Content of: <refsect1><title>
+#: include/ldap_id_mapping.xml:2
+msgid "ID MAPPING"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:4
+msgid ""
+"The ID-mapping feature allows SSSD to act as a client of Active Directory "
+"without requiring administrators to extend user attributes to support POSIX "
+"attributes for user and group identifiers."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:9
+msgid ""
+"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
+"ignored. This is to avoid the possibility of conflicts between automatically-"
+"assigned and manually-assigned values. If you need to use manually-assigned "
+"values, ALL values must be manually-assigned."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:17
+msgid "Mapping Algorithm"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:19
+msgid ""
+"Active Directory provides an objectSID for every user and group object in "
+"the directory. This objectSID can be broken up into components that "
+"represent the Active Directory domain identity and the relative identifier "
+"(RID) of the user or group object."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:25
+msgid ""
+"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
+"into equally-sized component sections - called \"slices\"-. Each slice "
+"represents the space available to an Active Directory domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:31
+msgid ""
+"When a user or group entry for a particular domain is encountered for the "
+"first time, the SSSD allocates one of the available slices for that domain. "
+"In order to make this slice-assignment repeatable on different client "
+"machines, we select the slice based on the following algorithm:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:38
+msgid ""
+"The SID string is passed through the murmurhash3 algorithm to convert it to "
+"a 32-bit hashed value. We then take the modulus of this value with the total "
+"number of available slices to pick the slice."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:44
+msgid ""
+"NOTE: It is possible to encounter collisions in the hash and subsequent "
+"modulus. In these situations, we will select the next available slice, but "
+"it may not be possible to reproduce the same exact set of slices on other "
+"machines (since the order that they are encountered will determine their "
+"slice). In this situation, it is recommended to either switch to using "
+"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
+"configure a default domain to guarantee that at least one is always "
+"consistent. See <quote>Configuration</quote> for details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:59
+msgid ""
+"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><programlisting>
+#: include/ldap_id_mapping.xml:64
+#, no-wrap
+msgid ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:69
+msgid ""
+"The default configuration results in configuring 10,000 slices, each capable "
+"of holding up to 200,000 IDs, starting from 10,001 and going up to "
+"2,000,100,000. This should be sufficient for most deployments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><title>
+#: include/ldap_id_mapping.xml:75
+#, fuzzy
+#| msgid "Configuration"
+msgid "Advanced Configuration"
+msgstr "Configuration"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:78
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_min (integer)"
+msgstr "ldap_page_size (entier)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:81
+msgid ""
+"Specifies the lower bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:85
+msgid ""
+"NOTE: This option is different from <quote>id_mn</quote> in that "
+"<quote>id_min</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_min</"
+"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:95
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 10001"
+msgstr "Par défaut : 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:100
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_max (integer)"
+msgstr "ldap_page_size (entier)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:103
+msgid ""
+"Specifies the upper bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:107
+msgid ""
+"NOTE: This option is different from <quote>id_max</quote> in that "
+"<quote>id_max</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_max</"
+"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:117
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 2000100000"
+msgstr "Par défaut : 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:122
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_size (integer)"
+msgstr "ldap_page_size (entier)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:125
+msgid ""
+"Specifies the number of IDs available for each slice. If the range size "
+"does not divide evenly into the min and max values, it will create as many "
+"complete slices as it can."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:131
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 200000"
+msgstr "Par défaut : 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:136
+#, fuzzy
+#| msgid "ldap_default_bind_dn (string)"
+msgid "ldap_idmap_default_domain_sid (string)"
+msgstr "ldap_default_bind_dn (chaîne)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:139
+msgid ""
+"Specify the domain SID of the default domain. This will guarantee that this "
+"domain will always be assigned to slice zero in the ID map, bypassing the "
+"murmurhash algorithm described above."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:150
+#, fuzzy
+#| msgid "ldap_default_bind_dn (string)"
+msgid "ldap_idmap_default_domain (string)"
+msgstr "ldap_default_bind_dn (chaîne)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:153
+#, fuzzy
+#| msgid "The type of the authentication token of the default bind DN."
+msgid "Specify the name of the default domain."
+msgstr "Le type de jeton d'authentification pour le lien DN par défaut."
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:161
+#, fuzzy
+#| msgid "ldap_id_use_start_tls (boolean)"
+msgid "ldap_idmap_autorid_compat (boolean)"
+msgstr "ldap_id_use_start_tls (booléen)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:164
+msgid ""
+"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
+"winbind's <quote>idmap_autorid</quote> algorithm."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:169
+msgid ""
+"When this option is configured, domains will be allocated starting with "
+"slice zero and increasing monatomically with each additional domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:174
+msgid ""
+"NOTE: This algorithm is non-deterministic (it depends on the order that "
+"users and groups are requested). If this mode is required for compatibility "
+"with machines running winbind, it is recommended to also use the "
+"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
+"least one domain is consistently allocated to slice zero."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-h</option>,<option>--help</option>"
@@ -7783,3 +8478,33 @@ msgid ""
"<emphasis> This is an experimental feature, please use http://fedorahosted."
"org/sssd to report any issues. </emphasis>"
msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/local.xml:2
+msgid "THE LOCAL DOMAIN"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:4
+msgid ""
+"In order to function correctly, a domain with <quote>id_provider=local</"
+"quote> must be created and the SSSD must be running."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:9
+msgid ""
+"The administrator might want to use the SSSD local users instead of "
+"traditional UNIX users in cases where the group nesting (see <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>) is needed. The local users are also useful for testing and "
+"development of the SSSD without having to deploy a full remote server. The "
+"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
+"local LDB storage to store users and groups."
+msgstr ""
+
+#~ msgid "Default: 7"
+#~ msgstr "Par défaut : 7"
+
+#~ msgid "<quote>permit</quote> always allow access."
+#~ msgstr "<quote>permit</quote> autoriser l'accès de manière permanente."
diff --git a/src/man/po/ja.po b/src/man/po/ja.po
index ffa0e593..40c9d477 100644
--- a/src/man/po/ja.po
+++ b/src/man/po/ja.po
@@ -10,8 +10,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-03-12 16:37-0300\n"
-"PO-Revision-Date: 2012-03-09 23:57+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0300\n"
+"PO-Revision-Date: 2012-04-23 00:55+0000\n"
"Last-Translator: Tomoyuki KATO <tomo@dream.daynight.jp>\n"
"Language-Team: Japanese <trans-ja@lists.fedoraproject.org>\n"
"Language: ja\n"
@@ -129,18 +129,18 @@ msgstr ""
"グループから削除します。"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:74 sssd.conf.5.xml:1585 sssd-ldap.5.xml:2177
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sssd-ipa.5.xml:581 sssd.8.xml:191 sss_obfuscate.8.xml:103
+#: sss_useradd.8.xml:169 sssd-krb5.5.xml:451 sss_groupadd.8.xml:60
+#: sss_userdel.8.xml:95 sss_groupdel.8.xml:48 sss_groupshow.8.xml:60
+#: sss_usermod.8.xml:140 sss_ssh_authorizedkeys.1.xml:96
#: sss_ssh_knownhostsproxy.1.xml:95
msgid "SEE ALSO"
msgstr "関連項目"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
+#: sss_groupmod.8.xml:76
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -264,7 +264,7 @@ msgid "The [sssd] section"
msgstr "[sssd] セクション"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1431
msgid "Section parameters"
msgstr "セクションのパラメーター"
@@ -296,18 +296,21 @@ msgstr "sssd 自身が開始するときに開始されるサービスのカン
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:88
msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
+"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
+"\"with_ssh\">, ssh</phrase>"
msgstr ""
"サポートされるサービス: nss, pam <phrase condition=\"with_sudo\">, sudo</"
-"phrase>"
+"phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase "
+"condition=\"with_ssh\">, ssh</phrase>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
+#: sssd.conf.5.xml:96 sssd.conf.5.xml:288
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
+#: sssd.conf.5.xml:99 sssd.conf.5.xml:291
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -316,17 +319,17 @@ msgstr ""
"める前に試行する回数です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
+#: sssd.conf.5.xml:104 sssd.conf.5.xml:296
msgid "Default: 3"
msgstr "初期値: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:109
msgid "domains"
msgstr "domains"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:112
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -338,12 +341,12 @@ msgstr ""
"始できません。このパラメーターは検索したいドメインの一覧を表されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
+#: sssd.conf.5.xml:122
msgid "re_expression (string)"
msgstr "re_expression (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
+#: sssd.conf.5.xml:125
msgid ""
"Regular expression that describes how to parse the string containing user "
"name and domain into these components."
@@ -352,7 +355,7 @@ msgstr ""
"を表す正規表現です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
+#: sssd.conf.5.xml:129
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -363,7 +366,7 @@ msgstr ""
"everything after that\" に解釈されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
+#: sssd.conf.5.xml:134
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -371,7 +374,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:141
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -380,12 +383,12 @@ msgstr ""
"Python 構文 (?P&lt;name&gt;) のみをサポートします。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
+#: sssd.conf.5.xml:148
msgid "full_name_format (string)"
msgstr "full_name_format (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
+#: sssd.conf.5.xml:151
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to translate "
@@ -396,17 +399,17 @@ msgstr ""
"citerefentry> 互換の形式です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
+#: sssd.conf.5.xml:159
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "初期値: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
+#: sssd.conf.5.xml:164
msgid "try_inotify (boolean)"
msgstr "try_inotify (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
+#: sssd.conf.5.xml:167
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -419,7 +422,7 @@ msgstr ""
"フォールバックします。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
+#: sssd.conf.5.xml:175
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -430,7 +433,7 @@ msgstr ""
"です"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
+#: sssd.conf.5.xml:181
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -439,7 +442,7 @@ msgstr ""
"トフォームにおいては偽です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:185
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -448,12 +451,12 @@ msgstr ""
"ません。これらのプラットフォームにおいては、ポーリングが常に使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
+#: sssd.conf.5.xml:192
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
+#: sssd.conf.5.xml:195
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -462,7 +465,7 @@ msgstr ""
"クトリーです。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
+#: sssd.conf.5.xml:199
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
@@ -471,7 +474,7 @@ msgstr ""
"よう SSSD に指示する、特別な値 __LIBKRB5_DEFAULTS__ を受け付けます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
+#: sssd.conf.5.xml:205
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
@@ -479,6 +482,29 @@ msgstr ""
"初期値: ディストリビューション固有かつ構築時に指定されます。 (設定されていな"
"ければ __LIBKRB5_DEFAULTS__ です)"
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:212
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "force_timeout (integer)"
+msgstr "timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:215
+msgid ""
+"If a service is not responding to ping checks (see the <quote>timeout</"
+"quote> option), it is first sent the SIGTERM signal that instructs it to "
+"quit gracefully. If the service does not terminate after "
+"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
+"by sending a SIGKILL signal."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:542 sssd.conf.5.xml:690
+#: sssd-ldap.5.xml:1034
+msgid "Default: 60"
+msgstr "初期値: 60"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:63
msgid ""
@@ -496,12 +522,12 @@ msgstr ""
"<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
+#: sssd.conf.5.xml:234
msgid "SERVICES SECTIONS"
msgstr "サービスセクション"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
+#: sssd.conf.5.xml:236
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -513,61 +539,80 @@ msgstr ""
"ば、NSS サービスは <quote>[nss]</quote> セクションです"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
+#: sssd.conf.5.xml:243
msgid "General service configuration options"
msgstr "サービス設定の全体オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
+#: sssd.conf.5.xml:245
msgid "These options can be used to configure any service."
msgstr "これらのオプションはすべてのサービスを設定するために使用できます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
+#: sssd.conf.5.xml:249
msgid "debug_level (integer)"
msgstr "debug_level (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
+#: sssd.conf.5.xml:253
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
+#: sssd.conf.5.xml:256
msgid "Add a timestamp to the debug messages"
msgstr "デバッグメッセージに日時を追加します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:408 sssd.conf.5.xml:793
+#: sssd-ldap.5.xml:1399 sssd-ldap.5.xml:1525 sssd-ipa.5.xml:225
+#: sssd-ipa.5.xml:260
msgid "Default: true"
msgstr "初期値: true"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
+#: sssd.conf.5.xml:264
msgid "debug_microseconds (bool)"
msgstr "debug_microseconds (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
+#: sssd.conf.5.xml:267
msgid "Add microseconds to the timestamp in debug messages"
msgstr "デバッグメッセージの日時にマイクロ秒を追加します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:270 sssd.conf.5.xml:740 sssd.conf.5.xml:1368
+#: sssd-ldap.5.xml:620 sssd-ldap.5.xml:1312 sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1468 sssd-ldap.5.xml:1874 sssd-ipa.5.xml:123
+#: sssd-ipa.5.xml:320 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
+#: sssd-krb5.5.xml:418
msgid "Default: false"
msgstr "初期値: false"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
+#: sssd.conf.5.xml:275
+msgid "timeout (integer)"
+msgstr "timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:278
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:283 sssd-ldap.5.xml:1183
+msgid "Default: 10"
+msgstr "初期値: 10"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:301
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:304
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -577,39 +622,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:282
+#: sssd.conf.5.xml:313
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:287
-msgid "command (string)"
-msgstr "command (文字列)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:290
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>. This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-"初期状態で、このサービスを代表する実行可能なものは <command>sssd_"
-"${service_name}</command> と呼ばれます。このディレクティブにより、サービスの"
-"実行可能なものの名前を変更できます。設定の大半は、初期値で十分です。"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr "初期値: <command>sssd_${service_name}</command>"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:306
+#: sssd.conf.5.xml:321
msgid "NSS configuration options"
msgstr "NSS 設定オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:323
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -617,12 +640,12 @@ msgstr ""
"きます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:313
+#: sssd.conf.5.xml:328
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316
+#: sssd.conf.5.xml:331
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -631,17 +654,17 @@ msgstr ""
"要求)。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:335
msgid "Default: 120"
msgstr "初期値: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:325
+#: sssd.conf.5.xml:340
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:328
+#: sssd.conf.5.xml:343
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -652,7 +675,7 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:349
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -667,7 +690,7 @@ msgstr ""
"とをブロックする必要がありません。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:359
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -680,17 +703,17 @@ msgstr ""
"(0 はこの機能を無効にします)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:352
+#: sssd.conf.5.xml:367
msgid "Default: 50"
msgstr "初期値: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:372
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:375
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -701,17 +724,17 @@ msgstr ""
"せ)をキャッシュする秒数を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:381 sssd.conf.5.xml:768 sssd-krb5.5.xml:223
msgid "Default: 15"
msgstr "初期値: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:371
+#: sssd.conf.5.xml:386
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:374
+#: sssd.conf.5.xml:389
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -724,17 +747,17 @@ msgstr ""
"飾名を含めることができます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:396
msgid "Default: root"
msgstr "初期値: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:401
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:389
+#: sssd.conf.5.xml:404
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
@@ -742,62 +765,62 @@ msgstr ""
"ションを偽に設定します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398
+#: sssd.conf.5.xml:413
msgid "override_homedir (string)"
msgstr "override_homedir (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:422 sssd-krb5.5.xml:166
msgid "%u"
msgstr "%u"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:167
msgid "login name"
msgstr "ログイン名"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:426 sssd-krb5.5.xml:170
msgid "%U"
msgstr "%U"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:412
+#: sssd.conf.5.xml:427
msgid "UID number"
msgstr "UID 番号"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:430 sssd-krb5.5.xml:188
msgid "%d"
msgstr "%d"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:416
+#: sssd.conf.5.xml:431
msgid "domain name"
msgstr "ドメイン名"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:419
+#: sssd.conf.5.xml:434
msgid "%f"
msgstr "%f"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:435
msgid "fully qualified user name (user@domain)"
msgstr "完全修飾ユーザー名 (user@domain)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:438 sssd-krb5.5.xml:200
msgid "%%"
msgstr "%%"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:439 sssd-krb5.5.xml:201
msgid "a literal '%'"
msgstr "文字 '%'"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:401
+#: sssd.conf.5.xml:416
msgid ""
"Override the user's home directory. You can either provide an absolute value "
"or a template. In the template, the following sequences are substituted: "
@@ -808,17 +831,42 @@ msgstr ""
"type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430
+#: sssd.conf.5.xml:445
msgid "This option can also be set per-domain."
msgstr "このオプションはドメインごとに設定できます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:450
+#, fuzzy
+#| msgid "mail_dir (string)"
+msgid "fallback_homedir (string)"
+msgstr "mail_dir (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:453
+msgid ""
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:458
+msgid ""
+"The available values for this option are the same as for override_homedir."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:462
+msgid "Default: not set (no substitution for unset home directories)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:468
msgid "allowed_shells (string)"
msgstr "allowed_shells (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:471
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
@@ -826,13 +874,13 @@ msgstr ""
"す:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:474
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
"1. シェルが <quote>/etc/shells</quote> に存在すると、それが使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:478
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
@@ -841,7 +889,7 @@ msgstr ""
"ば、shell_fallback パラメーターの値を使用します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:483
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
@@ -850,12 +898,12 @@ msgstr ""
"ば、nologin シェルが使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:455
+#: sssd.conf.5.xml:488
msgid "An empty string for shell is passed as-is to libc."
msgstr "シェルの空文字列は libc にそのまま渡されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:491
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
@@ -865,27 +913,27 @@ msgstr ""
"ます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:462
+#: sssd.conf.5.xml:495
msgid "Default: Not set. The user shell is automatically used."
msgstr "初期値: 設定されません。ユーザーシェルが自動的に使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:500
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:503
msgid "Replace any instance of these shells with the shell_fallback"
msgstr "これらのシェルのインスタンスをすべて shell_fallback に置き換えます"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:475
+#: sssd.conf.5.xml:508
msgid "shell_fallback (string)"
msgstr "shell_fallback (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:511
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
@@ -893,17 +941,52 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:515
msgid "Default: /bin/sh"
msgstr "初期値: /bin/sh"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:520
+#, fuzzy
+#| msgid "default_shell (string)"
+msgid "default_shell"
+msgstr "default_shell (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:523
+msgid ""
+"The default shell to use if the provider does not return one during lookup. "
+"This option supercedes any other shell options if it takes effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:528
+msgid ""
+"Default: not set (Return NULL if no shell is specified and rely on libc to "
+"substitute something sensible when necessary, usually /bin/sh)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:535 sssd.conf.5.xml:683
+#, fuzzy
+#| msgid "entry_negative_timeout (integer)"
+msgid "get_domains_timeout (int)"
+msgstr "entry_negative_timeout (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:538 sssd.conf.5.xml:686
+msgid ""
+"Specifies time in seconds for which the list of subdomains will be "
+"considered valid."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:489
+#: sssd.conf.5.xml:549
msgid "PAM configuration options"
msgstr "PAM 設定オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:491
+#: sssd.conf.5.xml:551
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -912,12 +995,12 @@ msgstr ""
"ために使用できます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:556
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:499
+#: sssd.conf.5.xml:559
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -926,17 +1009,17 @@ msgstr ""
"ラインログインの最終成功からの日数)です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
+#: sssd.conf.5.xml:564 sssd.conf.5.xml:577
msgid "Default: 0 (No limit)"
msgstr "初期値: 0 (無制限)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:570
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:513
+#: sssd.conf.5.xml:573
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -944,12 +1027,12 @@ msgstr ""
"認証プロバイダーがオフラインの場合、ログイン試行の失敗が許容される回数です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:523
+#: sssd.conf.5.xml:583
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:586
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -958,7 +1041,7 @@ msgstr ""
"渡される分単位の時間です。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:591
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -969,17 +1052,17 @@ msgstr ""
"効にできます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:597 sssd.conf.5.xml:650 sssd.conf.5.xml:1315
msgid "Default: 5"
msgstr "初期値: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:603
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:606
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -988,42 +1071,42 @@ msgstr ""
"きいほどメッセージが表示されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:611
msgid "Currently sssd supports the following values:"
msgstr "現在 sssd は以下の値をサポートします:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:554
+#: sssd.conf.5.xml:614
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis>: 何もメッセージを表示しない"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:557
+#: sssd.conf.5.xml:617
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis>: 重要なメッセージのみを表示する"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:621
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis>: 情報レベルのメッセージを表示する"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:624
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr "<emphasis>3</emphasis>: すべてのメッセージとデバッグ情報を表示する"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:568 sssd.8.xml:63
+#: sssd.conf.5.xml:628 sssd.8.xml:63
msgid "Default: 1"
msgstr "初期値: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:573
+#: sssd.conf.5.xml:633
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:636
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1033,7 +1116,7 @@ msgstr ""
"されるよう、SSSD は直ちにキャッシュされた識別情報を更新しようとします。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:642
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1046,17 +1129,17 @@ msgstr ""
"アプリケーションごとに)制御します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:656
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (整数)"
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:659 sssd.conf.5.xml:972
msgid "Display a warning N days before the password expires."
msgstr "パスワードの期限が切れる前に N 日間警告を表示します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:662
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1065,28 +1148,42 @@ msgstr ""
"バックエンドのサーバーがパスワードの有効期間に関する情報を提供する必要がある"
"ことに注意してください。この情報がなければ、sssd は警告を表示します。"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:668 sssd.conf.5.xml:975
+msgid ""
+"If zero is set, then this filter is not applied, i.e. if the expiration "
+"warning was received from backend server, it will automatically be displayed."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:608
-msgid "Default: 7"
-msgstr "初期値: 7"
+#: sssd.conf.5.xml:673
+msgid ""
+"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
+"emphasis> for a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:678 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "初期値: 0"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:616
+#: sssd.conf.5.xml:698
msgid "SUDO configuration options"
msgstr "SUDO 設定オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:618
+#: sssd.conf.5.xml:700
msgid "These options can be used to configure the sudo service."
msgstr "これらのオプションは sudo サービスを設定するために使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:707
msgid "sudo_cache_timeout (integer)"
msgstr "sudo_cache_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:710
msgid ""
"For any sudo request that comes while SSSD is online, the SSSD will attempt "
"to update the cached rules in order to ensure that sudo has the latest "
@@ -1096,7 +1193,7 @@ msgstr ""
"セットを持つよう、SSSD はキャッシュされたルールを更新しようとします。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:716
msgid ""
"The user may, however, run a couple of sudo commands successively, which "
"would trigger multiple LDAP requests. In order to speed up this use-case, "
@@ -1108,7 +1205,7 @@ msgstr ""
"応答を返すために使用されるインメモリーキャッシュを保持します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:641
+#: sssd.conf.5.xml:723
msgid ""
"This option controls how long (in seconds) can the sudo service cache rules "
"for a user."
@@ -1117,17 +1214,17 @@ msgstr ""
"位)を制御します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:727
msgid "Default: 180"
msgstr "初期値: 180"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:732
msgid "sudo_timed (bool)"
msgstr "sudo_timed (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:735
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
@@ -1136,22 +1233,22 @@ msgstr ""
"を評価するかしないかです。"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:748
msgid "AUTOFS configuration options"
msgstr "Autofs 設定オプション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:750
msgid "These options can be used to configure the autofs service."
msgstr "これらのオプションが autofs サービスを設定するために使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:676
+#: sssd.conf.5.xml:758
msgid "autofs_negative_timeout (integer)"
msgstr "autofs_negative_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:761
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1161,18 +1258,46 @@ msgstr ""
"効なマップエントリーに対する問い合わせ)が再びバックエンドに問い合わせる前に"
"ヒットする秒数を指定します。"
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:776
+#, fuzzy
+#| msgid "NSS configuration options"
+msgid "SSH configuration options"
+msgstr "NSS 設定オプション"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:778
+#, fuzzy
+#| msgid "These options can be used to configure the sudo service."
+msgid "These options can be used to configure the SSH service."
+msgstr "これらのオプションは sudo サービスを設定するために使用されます。"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:786
+#, fuzzy
+#| msgid "sss_ssh_knownhostsproxy"
+msgid "ssh_hash_known_hosts (bool)"
+msgstr "sss_ssh_knownhostsproxy"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:789
+msgid ""
+"Whether or not to hash host names and adresses in the managed known_hosts "
+"file."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:803
msgid "DOMAIN SECTIONS"
msgstr "ドメインセクション"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:810
msgid "min_id,max_id (integer)"
msgstr "min_id,max_id (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:706
+#: sssd.conf.5.xml:813
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1181,7 +1306,7 @@ msgstr ""
"トリーを含む場合、それは無視されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:711
+#: sssd.conf.5.xml:818
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1193,36 +1318,17 @@ msgstr ""
"バーに対して、範囲内にあるものは予期されたものとして報告されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:825
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "初期値: min_id は 1, max_id は 0 (無制限)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
-msgid "timeout (integer)"
-msgstr "timeout (整数)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
-msgid ""
-"Timeout in seconds between heartbeats for this domain. This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-"このドメインに対するハートビート間隔(秒単位)。バックエンドのプロセスが有効"
-"であり、要求に答えられる能力があることを確実にするために使用されます。"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr "初期値: 10"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:738
+#: sssd.conf.5.xml:831
msgid "enumerate (bool)"
msgstr "enumerate (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:834
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -1231,22 +1337,22 @@ msgstr ""
"必要があります:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:745
+#: sssd.conf.5.xml:838
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = ユーザーとグループが列挙されます"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:841
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = このドメインに対して列挙しません"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
+#: sssd.conf.5.xml:844 sssd.conf.5.xml:949 sssd.conf.5.xml:1031
msgid "Default: FALSE"
msgstr "初期値: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:754
+#: sssd.conf.5.xml:847
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1260,7 +1366,7 @@ msgstr ""
"は遅いかもしれません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:764
+#: sssd.conf.5.xml:857
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1269,7 +1375,7 @@ msgstr ""
"れが完了するまで結果を返しません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:862
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1282,12 +1388,12 @@ msgstr ""
"てください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:873
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:876
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -1296,17 +1402,17 @@ msgstr ""
"数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:880
msgid "Default: 5400"
msgstr "初期値: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:886
msgid "entry_cache_user_timeout (integer)"
msgstr "entry_cache_user_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796
+#: sssd.conf.5.xml:889
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
@@ -1315,18 +1421,18 @@ msgstr ""
"考える秒数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:893 sssd.conf.5.xml:906 sssd.conf.5.xml:919
+#: sssd.conf.5.xml:932
msgid "Default: entry_cache_timeout"
msgstr "初期値: entry_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:899
msgid "entry_cache_group_timeout (integer)"
msgstr "entry_cache_group_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:902
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
@@ -1335,12 +1441,12 @@ msgstr ""
"考える秒数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:819
+#: sssd.conf.5.xml:912
msgid "entry_cache_netgroup_timeout (integer)"
msgstr "entry_cache_netgroup_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:915
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
@@ -1349,12 +1455,12 @@ msgstr ""
"有効であると考える秒数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:925
msgid "entry_cache_service_timeout (integer)"
msgstr "entry_cache_service_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:928
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
@@ -1363,30 +1469,30 @@ msgstr ""
"考える秒数です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:938
msgid "cache_credentials (bool)"
msgstr "cache_credentials (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:941
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
"ユーザーのクレディンシャルがローカル LDB キャッシュにキャッシュされるかどうか"
"を決めます"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:945
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
"ユーザーのクレディンシャルが、平文ではなく SHA512 ハッシュで保存されます"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:861
+#: sssd.conf.5.xml:954
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:957
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1398,48 +1504,85 @@ msgstr ""
"offline_credentials_expiration と同等以上でなければいけません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:964
msgid "Default: 0 (unlimited)"
msgstr "初期値: 0 (無制限)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:969
+#, fuzzy
+#| msgid "pam_pwd_expiration_warning (integer)"
+msgid "pwd_expiration_warning (integer)"
+msgstr "pam_pwd_expiration_warning (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:980
+#, fuzzy
+#| msgid ""
+#| "Please note that the backend server has to provide information about the "
+#| "expiration time of the password. If this information is missing, sssd "
+#| "cannot display a warning."
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning. Also an auth provider has to be configured for the "
+"backend."
+msgstr ""
+"バックエンドのサーバーがパスワードの有効期間に関する情報を提供する必要がある"
+"ことに注意してください。この情報がなければ、sssd は警告を表示します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:987
+#, fuzzy
+#| msgid "Default: memberHost"
+msgid "Default: 7 (Kerberos), 0 (LDAP)"
+msgstr "初期値: memberHost"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:993
msgid "id_provider (string)"
msgstr "id_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:880
+#: sssd.conf.5.xml:996
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
"このドメインに対して使用するデータプロバイダーの識別情報のバックエンドです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:1000
msgid "Supported backends:"
msgstr "サポートするバックエンド:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:887
+#: sssd.conf.5.xml:1003
msgid "proxy: Support a legacy NSS provider"
msgstr "proxy: レガシーな NSS プロバイダーのサポート"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:890
+#: sssd.conf.5.xml:1006
msgid "local: SSSD internal local provider"
msgstr "local: SSSD 内部ローカルプロバイダー"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:1009
msgid "ldap: LDAP provider"
msgstr "ldap: LDAP プロバイダー"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:899
+#: sssd.conf.5.xml:1015
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:1018
+msgid ""
+"Use the full name and domain (as formatted by the domain's full_name_format) "
+"as the user's login name reported to NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1023
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1452,12 +1595,12 @@ msgstr ""
"んが、<command>getent passwd test@LOCAL</command> は見つけられます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:915
+#: sssd.conf.5.xml:1036
msgid "auth_provider (string)"
msgstr "auth_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:918
+#: sssd.conf.5.xml:1039
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -1466,7 +1609,7 @@ msgstr ""
"ダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:1043
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1477,7 +1620,7 @@ msgstr ""
"manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:929
+#: sssd.conf.5.xml:1050
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1488,19 +1631,19 @@ msgstr ""
"manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:1057
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
"<quote>proxy</quote> はいくつかの他の PAM ターゲットに認証を中継します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1060
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "<quote>none</quote> は明示的に認証を無効化します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1063
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -1509,12 +1652,12 @@ msgstr ""
"ならば、それが使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:1069
msgid "access_provider (string)"
msgstr "access_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:951
+#: sssd.conf.5.xml:1072
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1525,17 +1668,19 @@ msgstr ""
"えます)。内部の特別プロバイダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
-msgid "<quote>permit</quote> always allow access."
-msgstr "<quote>permit</quote> は常にアクセスを許可します。"
+#: sssd.conf.5.xml:1078
+msgid ""
+"<quote>permit</quote> always allow access. It's the only permitted access "
+"provider for a local domain."
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:960
+#: sssd.conf.5.xml:1081
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> は常にアクセスを拒否します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1084
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1548,17 +1693,17 @@ msgstr ""
"citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1091
msgid "Default: <quote>permit</quote>"
msgstr "初期値: <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1096
msgid "chpass_provider (string)"
msgstr "chpass_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:978
+#: sssd.conf.5.xml:1099
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -1567,7 +1712,7 @@ msgstr ""
"パスワード変更プロバイダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1104
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1578,7 +1723,7 @@ msgstr ""
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:991
+#: sssd.conf.5.xml:1112
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1589,7 +1734,7 @@ msgstr ""
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1120
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1600,7 +1745,7 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1007
+#: sssd.conf.5.xml:1128
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
@@ -1608,12 +1753,12 @@ msgstr ""
"します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1011
+#: sssd.conf.5.xml:1132
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr "<quote>none</quote> は明示的にパスワードの変更を無効化します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1135
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -1622,19 +1767,19 @@ msgstr ""
"うことができるならば、それが使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1142
msgid "sudo_provider (string)"
msgstr "sudo_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1148
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
"ドメインに使用される SUDO プロバイダーです。サポートされる SUDO プロバイダー"
"は次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1031
+#: sssd.conf.5.xml:1152
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1645,23 +1790,23 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry> を参照します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1159
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr "<quote>none</quote> は SUDO を明示的に無効化します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1041
+#: sssd.conf.5.xml:1162 sssd.conf.5.xml:1246 sssd.conf.5.xml:1271
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
"初期値: <quote>id_provider</quote> の値が設定されていると使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1047
+#: sssd.conf.5.xml:1168
msgid "session_provider (string)"
msgstr "session_provider (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1171
msgid ""
"The provider which should handle loading of session settings. Supported "
"session providers are:"
@@ -1670,7 +1815,7 @@ msgstr ""
"ンプロバイダーは次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1055
+#: sssd.conf.5.xml:1176
msgid ""
"<quote>ipa</quote> to load session settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1681,13 +1826,13 @@ msgstr ""
"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1184
msgid "<quote>none</quote> disallows fetching session settings explicitly."
msgstr ""
"<quote>none</quote> はセッションの設定の取り出しを明示的に無効化します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1187
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"session loading requests."
@@ -1696,12 +1841,122 @@ msgstr ""
"いできる場合、それが使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1193
+#, fuzzy
+#| msgid "sudo_provider (string)"
+msgid "subdomains_provider (string)"
+msgstr "sudo_provider (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1196
+#, fuzzy
+#| msgid ""
+#| "The provider which should handle loading of session settings. Supported "
+#| "session providers are:"
+msgid ""
+"The provider which should handle fetching of subdomains. This value should "
+"be always the same as id_provider. Supported subdomain providers are:"
+msgstr ""
+"セッションの設定の読み込みを処理するプロバイダーです。サポートされるセッショ"
+"ンプロバイダーは次のとおりです:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1201
+#, fuzzy
+#| msgid ""
+#| "<quote>ipa</quote> to load session settings from an IPA server. See "
+#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> for more information on configuring IPA."
+msgid ""
+"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+"<quote>ipa</quote> は IPA サーバーからセッションの設定を読み込みます。IPA の"
+"設定に関する詳細は <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> を参照してください。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1209
+#, fuzzy
+#| msgid "<quote>none</quote> disallows fetching session settings explicitly."
+msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+msgstr ""
+"<quote>none</quote> はセッションの設定の取り出しを明示的に無効化します。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1212 sssd-ldap.5.xml:1499
+msgid "Default: none"
+msgstr "初期値: none"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1218
+msgid "autofs_provider (string)"
+msgstr "autofs_provider (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1224
+msgid ""
+"The autofs provider used for the domain. Supported autofs providers are:"
+msgstr ""
+"ドメインに対して使用される autofs プロバイダーです。 サポートされる autofs "
+"プロバイダーは次のとおりです:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1228
+msgid ""
+"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1235
+msgid ""
+"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1243
+msgid "<quote>none</quote> disables autofs explicitly."
+msgstr "<quote>none</quote> は明示的に autofs を無効にします。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1253
+msgid "hostid_provider (string)"
+msgstr "hostid_provider (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1256
+msgid ""
+"The provider used for retrieving host identity information. Supported "
+"hostid providers are:"
+msgstr ""
+"ホスト識別情報を取得するために使用されるプロバイダーです。 サポートされる "
+"hostid プロバイダーは次のとおりです:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1260
+msgid ""
+"<quote>ipa</quote> to load host identity stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1268
+msgid "<quote>none</quote> disables hostid explicitly."
+msgstr "<quote>none</quote> は明示的に hostid を無効にします。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1278
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1076
+#: sssd.conf.5.xml:1281
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -1710,46 +1965,46 @@ msgstr ""
"します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1285
msgid "Supported values:"
msgstr "サポートする値:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1083
+#: sssd.conf.5.xml:1288
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
"ipv4_first: IPv4 アドレスの検索を試行します。失敗すると IPv6 を試行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1291
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
"ipv4_only: ホスト名を IPv4 アドレスに名前解決することのみを試行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1294
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
"ipv6_first: IPv6 アドレスの検索を試行します。失敗すると IPv4 を試行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1092
+#: sssd.conf.5.xml:1297
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
"ipv6_only: ホスト名を IPv6 アドレスに名前解決することのみを試行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1095
+#: sssd.conf.5.xml:1300
msgid "Default: ipv4_first"
msgstr "初期値: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1306
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1104
+#: sssd.conf.5.xml:1309
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1760,12 +2015,12 @@ msgstr ""
"ドにて操作を継続します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1321
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1324
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -1774,27 +2029,27 @@ msgstr ""
"イン部分を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1328
msgid "Default: Use the domain part of machine's hostname"
msgstr "初期値: マシンのホスト名のドメイン部分を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1334
msgid "override_gid (integer)"
msgstr "override_gid (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1337
msgid "Override the primary GID value with the one specified."
msgstr "プライマリー GID の値を指定されたもので上書きします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1138
+#: sssd.conf.5.xml:1343
msgid "case_sensitive (boolean)"
msgstr "case_sensitive (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1346
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
@@ -1803,12 +2058,46 @@ msgstr ""
"このオプションはローカルプロバイダーにおいてサポートされません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1351
msgid "Default: True"
msgstr "初期値: True"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1357
+msgid "proxy_fast_alias (boolean)"
+msgstr "proxy_fast_alias (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1360
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1374
+#, fuzzy
+#| msgid "override_homedir (string)"
+msgid "subdomain_homedir (string)"
+msgstr "override_homedir (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1377
+msgid ""
+"Use this homedir as default value for all subdomains within this domain. See "
+"<emphasis>override_homedir</emphasis> for info about possible values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1382
+msgid ""
+"The value can be overridden by <emphasis>override_homedir</emphasis> option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:805
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1819,17 +2108,17 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1395
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1398
msgid "The proxy target PAM proxies to."
msgstr "中継するプロキシターゲット PAM です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1401
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -1838,12 +2127,12 @@ msgstr ""
"をここに追加する必要があります。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1409
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1412
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1854,7 +2143,7 @@ msgstr ""
"_nss_files_getpwent です。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1154
+#: sssd.conf.5.xml:1391
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -1863,12 +2152,12 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1187
+#: sssd.conf.5.xml:1424
msgid "The local domain section"
msgstr "ローカルドメインのセクション"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1426
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1879,27 +2168,27 @@ msgstr ""
"メインに対する設定を含みます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1433
msgid "default_shell (string)"
msgstr "default_shell (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1436
msgid "The default shell for users created with SSSD userspace tools."
msgstr "SSSD ユーザー空間ツールを用いて作成されたユーザーの初期シェルです。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1440
msgid "Default: <filename>/bin/bash</filename>"
msgstr "初期値: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1445
msgid "base_directory (string)"
msgstr "base_directory (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211
+#: sssd.conf.5.xml:1448
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -1908,17 +2197,17 @@ msgstr ""
"ホームディレクトリーとして使用します。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1453
msgid "Default: <filename>/home</filename>"
msgstr "初期値: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1221
+#: sssd.conf.5.xml:1458
msgid "create_homedir (bool)"
msgstr "create_homedir (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1224
+#: sssd.conf.5.xml:1461
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -1927,17 +2216,17 @@ msgstr ""
"す。コマンドラインにおいて上書きできます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
+#: sssd.conf.5.xml:1465 sssd.conf.5.xml:1477
msgid "Default: TRUE"
msgstr "初期値: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1470
msgid "remove_homedir (bool)"
msgstr "remove_homedir (論理値)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1473
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -1946,12 +2235,12 @@ msgstr ""
"す。コマンドラインにおいて上書きできます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1245
+#: sssd.conf.5.xml:1482
msgid "homedir_umask (integer)"
msgstr "homedir_umask (整数)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1248
+#: sssd.conf.5.xml:1485
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1962,17 +2251,17 @@ msgstr ""
"manvolnum> </citerefentry> により使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1256
+#: sssd.conf.5.xml:1493
msgid "Default: 077"
msgstr "初期値: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1498
msgid "skel_dir (string)"
msgstr "skel_dir (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1501
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1985,17 +2274,17 @@ msgstr ""
"を含む、スケルトンディレクトリーです。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1274
+#: sssd.conf.5.xml:1511
msgid "Default: <filename>/etc/skel</filename>"
msgstr "初期値: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1516
msgid "mail_dir (string)"
msgstr "mail_dir (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1519
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2006,17 +2295,17 @@ msgstr ""
"が使用されます。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1289
+#: sssd.conf.5.xml:1526
msgid "Default: <filename>/var/mail</filename>"
msgstr "初期値: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1531
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (文字列)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1297
+#: sssd.conf.5.xml:1534
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2027,18 +2316,18 @@ msgstr ""
"せん。"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1540
msgid "Default: None, no command is run"
msgstr "初期値: なし、コマンドを実行しません"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1550 sssd-ldap.5.xml:2145 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:563 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr "例"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1319
+#: sssd.conf.5.xml:1556
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2092,7 +2381,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1552
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2104,7 +2393,7 @@ msgstr ""
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1587
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -2337,16 +2626,28 @@ msgstr "ldap_schema (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:161
+#, fuzzy
+#| msgid ""
+#| "Specifies the Schema Type in use on the target LDAP server. Depending on "
+#| "the selected schema, the default attribute names retrieved from the "
+#| "servers may vary. The way that some attributes are handled may also "
+#| "differ. Three schema types are currently supported: rfc2307 rfc2307bis "
+#| "IPA The main difference between these schema types is how group "
+#| "memberships are recorded in the server. With rfc2307, group members are "
+#| "listed by name in the <emphasis>memberUid</emphasis> attribute. With "
+#| "rfc2307bis and IPA, group members are listed by DN and stored in the "
+#| "<emphasis>member</emphasis> attribute."
msgid ""
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
-"may vary. The way that some attributes are handled may also differ. Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
+"may vary. The way that some attributes are handled may also differ. Four "
+"schema types are currently supported: rfc2307 rfc2307bis IPA AD The main "
"difference between these schema types is how group memberships are recorded "
"in the server. With rfc2307, group members are listed by name in the "
"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
+"attribute. The AD schema type sets the attributes to correspond with Active "
+"Directory 2008r2 values."
msgstr ""
"ターゲット LDAP サーバーにおいて使用中のスキーマ形式を指定します。選択された"
"スキーマに応じて、サーバーから取得される属性名の初期変わります。処理されるい"
@@ -2358,57 +2659,57 @@ msgstr ""
"化され、<emphasis>member</emphasis> 属性に保存されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
+#: sssd-ldap.5.xml:183
msgid "Default: rfc2307"
msgstr "初期値: rfc2307"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
+#: sssd-ldap.5.xml:189
msgid "ldap_default_bind_dn (string)"
msgstr "ldap_default_bind_dn (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
+#: sssd-ldap.5.xml:192
msgid "The default bind DN to use for performing LDAP operations."
msgstr "LDAP ユーザー操作を実行するために使用される初期バインド DN です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
+#: sssd-ldap.5.xml:199
msgid "ldap_default_authtok_type (string)"
msgstr "ldap_default_authtok_type (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
+#: sssd-ldap.5.xml:202
msgid "The type of the authentication token of the default bind DN."
msgstr "初期バインド DN の認証トークンの形式です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
+#: sssd-ldap.5.xml:206
msgid "The two mechanisms currently supported are:"
msgstr "現在 2 つのメカニズムがサポートされます:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
+#: sssd-ldap.5.xml:209
msgid "password"
msgstr "password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
+#: sssd-ldap.5.xml:212
msgid "obfuscated_password"
msgstr "obfuscated_password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
+#: sssd-ldap.5.xml:215
msgid "Default: password"
msgstr "初期値: password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
+#: sssd-ldap.5.xml:221
msgid "ldap_default_authtok (string)"
msgstr "ldap_default_authtok (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
+#: sssd-ldap.5.xml:224
msgid ""
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
@@ -2417,149 +2718,171 @@ msgstr ""
"在サポートされます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
+#: sssd-ldap.5.xml:231
msgid "ldap_user_object_class (string)"
msgstr "ldap_user_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
+#: sssd-ldap.5.xml:234
msgid "The object class of a user entry in LDAP."
msgstr "LDAP にあるユーザーエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
+#: sssd-ldap.5.xml:237
msgid "Default: posixAccount"
msgstr "初期値: posixAccount"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
+#: sssd-ldap.5.xml:243
msgid "ldap_user_name (string)"
msgstr "ldap_user_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
+#: sssd-ldap.5.xml:246
msgid "The LDAP attribute that corresponds to the user's login name."
msgstr "ユーザーのログイン名に対応する LDAP の属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
+#: sssd-ldap.5.xml:250
msgid "Default: uid"
msgstr "初期値: uid"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
+#: sssd-ldap.5.xml:256
msgid "ldap_user_uid_number (string)"
msgstr "ldap_user_uid_number (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
+#: sssd-ldap.5.xml:259
msgid "The LDAP attribute that corresponds to the user's id."
msgstr "ユーザーの ID に対応する LDAP の属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
+#: sssd-ldap.5.xml:263
msgid "Default: uidNumber"
msgstr "初期値: uidNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
+#: sssd-ldap.5.xml:269
msgid "ldap_user_gid_number (string)"
msgstr "ldap_user_gid_number (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
+#: sssd-ldap.5.xml:272
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr "ユーザーのプライマリーグループ ID に対応する LDAP の属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
+#: sssd-ldap.5.xml:276 sssd-ldap.5.xml:758
msgid "Default: gidNumber"
msgstr "初期値: gidNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
+#: sssd-ldap.5.xml:282
msgid "ldap_user_gecos (string)"
msgstr "ldap_user_gecos (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
+#: sssd-ldap.5.xml:285
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr "ユーザーの gecos 項目に対応する LDAP の属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
+#: sssd-ldap.5.xml:289
msgid "Default: gecos"
msgstr "初期値: gecos"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
+#: sssd-ldap.5.xml:295
msgid "ldap_user_home_directory (string)"
msgstr "ldap_user_home_directory (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
+#: sssd-ldap.5.xml:298
msgid "The LDAP attribute that contains the name of the user's home directory."
msgstr "ユーザーのホームディレクトリーの名前を含む LDAP の属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
+#: sssd-ldap.5.xml:302
msgid "Default: homeDirectory"
msgstr "初期値: homeDirectory"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
+#: sssd-ldap.5.xml:308
msgid "ldap_user_shell (string)"
msgstr "ldap_user_shell (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
+#: sssd-ldap.5.xml:311
msgid "The LDAP attribute that contains the path to the user's default shell."
msgstr "ユーザーの初期シェルのパスを含む LDAP の属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
+#: sssd-ldap.5.xml:315
msgid "Default: loginShell"
msgstr "初期値: loginShell"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
+#: sssd-ldap.5.xml:321
msgid "ldap_user_uuid (string)"
msgstr "ldap_user_uuid (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
+#: sssd-ldap.5.xml:324
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr "LDAP ユーザーオブジェクトの UUID/GUID を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
+#: sssd-ldap.5.xml:328 sssd-ldap.5.xml:784 sssd-ldap.5.xml:911
msgid "Default: nsUniqueId"
msgstr "初期値: nsUniqueId"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
+#: sssd-ldap.5.xml:334
+#, fuzzy
+#| msgid "ldap_user_object_class (string)"
+msgid "ldap_user_objectsid (string)"
+msgstr "ldap_user_object_class (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:337
+#, fuzzy
+#| msgid ""
+#| "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP user object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr "LDAP ユーザーオブジェクトの UUID/GUID を含む LDAP 属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:342 sssd-ldap.5.xml:798
+msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:349
msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
+#: sssd-ldap.5.xml:352 sssd-ldap.5.xml:808 sssd-ldap.5.xml:920
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr "親オブジェクトの最終変更のタイムスタンプを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
+#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:812 sssd-ldap.5.xml:927
msgid "Default: modifyTimestamp"
msgstr "初期値: modifyTimestamp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
+#: sssd-ldap.5.xml:362
msgid "ldap_user_shadow_last_change (string)"
msgstr "ldap_user_shadow_last_change (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
+#: sssd-ldap.5.xml:365
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2572,17 +2895,17 @@ msgstr ""
"含みます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
+#: sssd-ldap.5.xml:375
msgid "Default: shadowLastChange"
msgstr "初期値: shadowLastChange"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
+#: sssd-ldap.5.xml:381
msgid "ldap_user_shadow_min (string)"
msgstr "ldap_user_shadow_min (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
+#: sssd-ldap.5.xml:384
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2595,17 +2918,17 @@ msgstr ""
"みます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
+#: sssd-ldap.5.xml:393
msgid "Default: shadowMin"
msgstr "初期値: shadowMin"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
+#: sssd-ldap.5.xml:399
msgid "ldap_user_shadow_max (string)"
msgstr "ldap_user_shadow_max (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
+#: sssd-ldap.5.xml:402
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2618,17 +2941,17 @@ msgstr ""
"みます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
+#: sssd-ldap.5.xml:411
msgid "Default: shadowMax"
msgstr "初期値: shadowMax"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
+#: sssd-ldap.5.xml:417
msgid "ldap_user_shadow_warning (string)"
msgstr "ldap_user_shadow_warning (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
+#: sssd-ldap.5.xml:420
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2641,17 +2964,17 @@ msgstr ""
"みます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
+#: sssd-ldap.5.xml:430
msgid "Default: shadowWarning"
msgstr "初期値: shadowWarning"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
+#: sssd-ldap.5.xml:436
msgid "ldap_user_shadow_inactive (string)"
msgstr "ldap_user_shadow_inactive (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
+#: sssd-ldap.5.xml:439
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2664,17 +2987,17 @@ msgstr ""
"みます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
+#: sssd-ldap.5.xml:449
msgid "Default: shadowInactive"
msgstr "初期値: shadowInactive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
+#: sssd-ldap.5.xml:455
msgid "ldap_user_shadow_expire (string)"
msgstr "ldap_user_shadow_expire (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
+#: sssd-ldap.5.xml:458
msgid ""
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
"parameter contains the name of an LDAP attribute corresponding to its "
@@ -2687,17 +3010,17 @@ msgstr ""
"ます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
+#: sssd-ldap.5.xml:468
msgid "Default: shadowExpire"
msgstr "初期値: shadowExpire"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
+#: sssd-ldap.5.xml:474
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr "ldap_user_krb_last_pwd_change (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
+#: sssd-ldap.5.xml:477
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
@@ -2707,17 +3030,17 @@ msgstr ""
"の最終パスワード変更日時を保存する LDAP 属性の名前を含みます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
+#: sssd-ldap.5.xml:483
msgid "Default: krbLastPwdChange"
msgstr "初期値: krbLastPwdChange"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
+#: sssd-ldap.5.xml:489
msgid "ldap_user_krb_password_expiration (string)"
msgstr "ldap_user_krb_password_expiration (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
+#: sssd-ldap.5.xml:492
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
@@ -2726,17 +3049,17 @@ msgstr ""
"ワード失効日時を保存する LDAP 属性の名前を含みます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
+#: sssd-ldap.5.xml:498
msgid "Default: krbPasswordExpiration"
msgstr "初期値: krbPasswordExpiration"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
+#: sssd-ldap.5.xml:504
msgid "ldap_user_ad_account_expires (string)"
msgstr "ldap_user_ad_account_expires (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
+#: sssd-ldap.5.xml:507
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
@@ -2745,17 +3068,17 @@ msgstr ""
"失効日時を保存する LDAP 属性の名前を含みます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
+#: sssd-ldap.5.xml:512
msgid "Default: accountExpires"
msgstr "初期値: accountExpires"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
+#: sssd-ldap.5.xml:518
msgid "ldap_user_ad_user_account_control (string)"
msgstr "ldap_user_ad_user_account_control (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
+#: sssd-ldap.5.xml:521
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
@@ -2764,17 +3087,17 @@ msgstr ""
"ウントの制御ビット項目を保存する LDAP 属性の名前を含みます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
+#: sssd-ldap.5.xml:526
msgid "Default: userAccountControl"
msgstr "初期値: userAccountControl"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
+#: sssd-ldap.5.xml:532
msgid "ldap_ns_account_lock (string)"
msgstr "ldap_ns_account_lock (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
+#: sssd-ldap.5.xml:535
msgid ""
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
@@ -2783,17 +3106,17 @@ msgstr ""
"ターがアクセスが許可されるかされないかを決定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
+#: sssd-ldap.5.xml:540
msgid "Default: nsAccountLock"
msgstr "初期値: nsAccountLock"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
+#: sssd-ldap.5.xml:546
msgid "ldap_user_nds_login_disabled (string)"
msgstr "ldap_user_nds_login_disabled (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
+#: sssd-ldap.5.xml:549
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines if "
"access is allowed or not."
@@ -2802,17 +3125,17 @@ msgstr ""
"かをこの属性が決定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
+#: sssd-ldap.5.xml:553 sssd-ldap.5.xml:567
msgid "Default: loginDisabled"
msgstr "初期値: loginDisabled"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
+#: sssd-ldap.5.xml:559
msgid "ldap_user_nds_login_expiration_time (string)"
msgstr "ldap_user_nds_login_expiration_time (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
+#: sssd-ldap.5.xml:562
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines until "
"which date access is granted."
@@ -2821,12 +3144,12 @@ msgstr ""
"いつまで許可されるのかを決定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
+#: sssd-ldap.5.xml:573
msgid "ldap_user_nds_login_allowed_time_map (string)"
msgstr "ldap_user_nds_login_allowed_time_map (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
+#: sssd-ldap.5.xml:576
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines the "
"hours of a day in a week when access is granted."
@@ -2835,44 +3158,44 @@ msgstr ""
"れるときの一週間の日の時間を決定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
+#: sssd-ldap.5.xml:581
msgid "Default: loginAllowedTimeMap"
msgstr "初期値: loginAllowedTimeMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
+#: sssd-ldap.5.xml:587
msgid "ldap_user_principal (string)"
msgstr "ldap_user_principal (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
+#: sssd-ldap.5.xml:590
msgid ""
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"(UPN)."
msgstr "ユーザーの Kerberos User Principal Name (UPN) を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
+#: sssd-ldap.5.xml:594
msgid "Default: krbPrincipalName"
msgstr "初期値: krbPrincipalName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
+#: sssd-ldap.5.xml:600
msgid "ldap_user_ssh_public_key (string)"
msgstr "ldap_user_ssh_public_key (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
+#: sssd-ldap.5.xml:603
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr "ユーザーの SSH 公開鍵を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
+#: sssd-ldap.5.xml:610
msgid "ldap_force_upper_case_realm (boolean)"
msgstr "ldap_force_upper_case_realm (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
+#: sssd-ldap.5.xml:613
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -2884,12 +3207,12 @@ msgstr ""
"場合、このオプションを 0 以外に設定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
+#: sssd-ldap.5.xml:626
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr "ldap_enumeration_refresh_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
+#: sssd-ldap.5.xml:629
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
@@ -2897,17 +3220,17 @@ msgstr ""
"SSSD が列挙レコードのキャッシュを更新する前に待つ必要がある秒数を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:634 sssd-ldap.5.xml:1887
msgid "Default: 300"
msgstr "初期値: 300"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
+#: sssd-ldap.5.xml:640
msgid "ldap_purge_cache_timeout (integer)"
msgstr "ldap_purge_cache_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
+#: sssd-ldap.5.xml:643
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -2918,54 +3241,54 @@ msgstr ""
"削除する間隔を決めます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
+#: sssd-ldap.5.xml:649
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr "キャッシュ削除操作を無効にする 0 をこのオプションを設定する方法です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
+#: sssd-ldap.5.xml:653
msgid "Default: 10800 (12 hours)"
msgstr "初期値: 10800 (12 時間)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
+#: sssd-ldap.5.xml:659
msgid "ldap_user_fullname (string)"
msgstr "ldap_user_fullname (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
+#: sssd-ldap.5.xml:662
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "ユーザーの完全名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
+#: sssd-ldap.5.xml:666 sssd-ldap.5.xml:745 sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:952 sssd-ldap.5.xml:1742 sssd-ldap.5.xml:1960
+#: sssd-ipa.5.xml:441
msgid "Default: cn"
msgstr "初期値: cn"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
+#: sssd-ldap.5.xml:672
msgid "ldap_user_member_of (string)"
msgstr "ldap_user_member_of (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
+#: sssd-ldap.5.xml:675
msgid "The LDAP attribute that lists the user's group memberships."
msgstr "ユーザーのグループメンバーを一覧にする LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
+#: sssd-ldap.5.xml:679 sssd-ipa.5.xml:345
msgid "Default: memberOf"
msgstr "初期値: memberOf"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
+#: sssd-ldap.5.xml:685
msgid "ldap_user_authorized_service (string)"
msgstr "ldap_user_authorized_service (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
+#: sssd-ldap.5.xml:688
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -2976,7 +3299,7 @@ msgstr ""
"authorizedService 属性を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
+#: sssd-ldap.5.xml:695
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
@@ -2985,17 +3308,17 @@ msgstr ""
"索します。最後にすべて許可 (*) を検索します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:700
msgid "Default: authorizedService"
msgstr "初期値: authorizedService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
+#: sssd-ldap.5.xml:706
msgid "ldap_user_authorized_host (string)"
msgstr "ldap_user_authorized_host (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
+#: sssd-ldap.5.xml:709
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -3006,7 +3329,7 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
+#: sssd-ldap.5.xml:715
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
@@ -3015,82 +3338,99 @@ msgstr ""
"索します。最後にすべて許可 (*) が検索されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
+#: sssd-ldap.5.xml:720
msgid "Default: host"
msgstr "初期値: host"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:726
msgid "ldap_group_object_class (string)"
msgstr "ldap_group_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
+#: sssd-ldap.5.xml:729
msgid "The object class of a group entry in LDAP."
msgstr "LDAP にあるグループエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
+#: sssd-ldap.5.xml:732
msgid "Default: posixGroup"
msgstr "初期値: posixGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:738
msgid "ldap_group_name (string)"
msgstr "ldap_group_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
+#: sssd-ldap.5.xml:741
msgid "The LDAP attribute that corresponds to the group name."
msgstr "グループ名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:751
msgid "ldap_group_gid_number (string)"
msgstr "ldap_group_gid_number (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:754
msgid "The LDAP attribute that corresponds to the group's id."
msgstr "グループの ID に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
+#: sssd-ldap.5.xml:764
msgid "ldap_group_member (string)"
msgstr "ldap_group_member (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
+#: sssd-ldap.5.xml:767
msgid "The LDAP attribute that contains the names of the group's members."
msgstr "グループのメンバーの名前を含む LDAP の属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
+#: sssd-ldap.5.xml:771
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr "初期値: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
+#: sssd-ldap.5.xml:777
msgid "ldap_group_uuid (string)"
msgstr "ldap_group_uuid (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:780
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr "LDAP グループオブジェクトの UUID/GUID を含む LDAP の属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:790
+#, fuzzy
+#| msgid "ldap_group_object_class (string)"
+msgid "ldap_group_objectsid (string)"
+msgstr "ldap_group_object_class (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:793
+#, fuzzy
+#| msgid ""
+#| "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP group object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr "LDAP グループオブジェクトの UUID/GUID を含む LDAP の属性です。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:805
msgid "ldap_group_modify_timestamp (string)"
msgstr "ldap_group_modify_timestamp (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:818
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:821
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -3101,74 +3441,74 @@ msgstr ""
"のオプションは RFC2307 スキーマにおいて効果がありません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
+#: sssd-ldap.5.xml:828
msgid "Default: 2"
msgstr "初期値: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:834
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
+#: sssd-ldap.5.xml:837
msgid "The object class of a netgroup entry in LDAP."
msgstr "LDAP にあるネットワークグループエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
+#: sssd-ldap.5.xml:840
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
"IPA プロバイダーにおいては ipa_netgroup_object_class が代わりに使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:844
msgid "Default: nisNetgroup"
msgstr "初期値: nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
+#: sssd-ldap.5.xml:850
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
+#: sssd-ldap.5.xml:853
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "ネットワークグループ名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:857
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr "IPA プロバイダーにおいては ipa_netgroup_name が代わりに使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
+#: sssd-ldap.5.xml:867
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
+#: sssd-ldap.5.xml:870
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr "ネットワークグループのメンバーの名前を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
+#: sssd-ldap.5.xml:874
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
"IPA プロバイダーにおいては ipa_netgroup_member が代わりに使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:878
msgid "Default: memberNisNetgroup"
msgstr "初期値: memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:884
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:887
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
@@ -3176,110 +3516,110 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
+#: sssd-ldap.5.xml:891 sssd-ldap.5.xml:924
msgid "This option is not available in IPA provider."
msgstr "このオプションは IPA プロバイダーにおいて利用可能ではありません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:894
msgid "Default: nisNetgroupTriple"
msgstr "初期値: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
+#: sssd-ldap.5.xml:900
msgid "ldap_netgroup_uuid (string)"
msgstr "ldap_netgroup_uuid (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
+#: sssd-ldap.5.xml:903
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
"LDAP ネットワークグループオブジェクトの UUID/GUID を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
+#: sssd-ldap.5.xml:907
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr "IPA プロバイダーにおいては ipa_netgroup_uuid が代わりに使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
+#: sssd-ldap.5.xml:917
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:933
msgid "ldap_service_object_class (string)"
msgstr "ldap_service_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:936
msgid "The object class of a service entry in LDAP."
msgstr "LDAP にあるサービスエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:939
msgid "Default: ipService"
msgstr "初期値: ipService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:945
msgid "ldap_service_name (string)"
msgstr "ldap_service_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:948
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr "サービス属性の名前とそのエイリアスを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
+#: sssd-ldap.5.xml:958
msgid "ldap_service_port (string)"
msgstr "ldap_service_port (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
+#: sssd-ldap.5.xml:961
msgid "The LDAP attribute that contains the port managed by this service."
msgstr "このサービスにより管理されるポートを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
+#: sssd-ldap.5.xml:965
msgid "Default: ipServicePort"
msgstr "初期値: ipServicePort"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
+#: sssd-ldap.5.xml:971
msgid "ldap_service_proto (string)"
msgstr "ldap_service_proto (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:974
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr "このサービスにより認識されるプロトコルを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
+#: sssd-ldap.5.xml:978
msgid "Default: ipServiceProtocol"
msgstr "初期値: ipServiceProtocol"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
+#: sssd-ldap.5.xml:984
msgid "ldap_service_search_base (string)"
msgstr "ldap_service_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:987
msgid "An optional base DN to restrict service searches to a specific subtree."
msgstr ""
"サービス検索を指定したサブツリーに制限するためのオプションのベース DN です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
+#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1997 sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2035 sssd-ldap.5.xml:2098 sssd-ldap.5.xml:2120
+#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 sssd-ipa.5.xml:206
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
@@ -3288,19 +3628,19 @@ msgstr ""
"してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
+#: sssd-ldap.5.xml:996 sssd-ldap.5.xml:2002 sssd-ldap.5.xml:2021
+#: sssd-ldap.5.xml:2040 sssd-ldap.5.xml:2103 sssd-ldap.5.xml:2125
#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr "初期値: <emphasis>ldap_search_base</emphasis> の値"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
+#: sssd-ldap.5.xml:1003
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1006
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -3308,7 +3648,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
+#: sssd-ldap.5.xml:1012
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -3319,35 +3659,30 @@ msgstr ""
"かもしれません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
+#: sssd-ldap.5.xml:1018 sssd-ldap.5.xml:1060 sssd-ldap.5.xml:1075
msgid "Default: 6"
msgstr "初期値: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1024
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1027
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
"are returned (and offline mode is entered)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr "初期値: 60"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1040
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1043
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -3363,12 +3698,12 @@ msgstr ""
"citerefentry> が未使用を返した後のタイムアウト(秒単位)を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
+#: sssd-ldap.5.xml:1066
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
+#: sssd-ldap.5.xml:1069
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3378,12 +3713,12 @@ msgstr ""
"を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1081
msgid "ldap_connection_expire_timeout (integer)"
msgstr "ldap_connection_expire_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1084
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -3392,17 +3727,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
+#: sssd-ldap.5.xml:1092
msgid "Default: 900 (15 minutes)"
msgstr "初期値: 900 (15 分)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1098
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
+#: sssd-ldap.5.xml:1101
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
@@ -3411,17 +3746,17 @@ msgstr ""
"バーは 1 要求あたりの最大数の制限を強制します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1106
msgid "Default: 1000"
msgstr "初期値: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr "ldap_disable_paging"
+#: sssd-ldap.5.xml:1112
+msgid "ldap_disable_paging (boolean)"
+msgstr "ldap_disable_paging (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1115
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -3432,7 +3767,7 @@ msgstr ""
"ことを報告する場合に、このオプションが使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
+#: sssd-ldap.5.xml:1121
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
@@ -3442,7 +3777,7 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1127
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -3452,13 +3787,36 @@ msgstr ""
"負荷の高いクライアントにおいては、いくつかの要求が拒否される結果になる可能性"
"があります。"
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133 include/ldap_id_mapping.xml:184
+msgid "Default: False"
+msgstr "初期値: 偽"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1139
+msgid "ldap_sasl_minssf (integer)"
+msgstr "ldap_sasl_minssf (整数)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1142
+msgid ""
+"When communicating with an LDAP server using SASL, specify the minimum "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1148
+msgid "Default: Use the system default (usually specified by ldap.conf)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1155
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_deref_threshold (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1158
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3466,13 +3824,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1164
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1168
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3481,7 +3839,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
+#: sssd-ldap.5.xml:1176
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3489,12 +3847,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1189
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
+#: sssd-ldap.5.xml:1192
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -3503,7 +3861,7 @@ msgstr ""
"クするものを指定します。以下の値のうち 1 つを指定できます:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1198
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -3512,7 +3870,7 @@ msgstr ""
"確認しません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
+#: sssd-ldap.5.xml:1202
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3523,7 +3881,7 @@ msgstr ""
"無視され、セッションが通常通り進められます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1209
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3534,7 +3892,7 @@ msgstr ""
"ンが直ちに終了します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1215
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3544,22 +3902,22 @@ msgstr ""
"なければ、もしくは不正な証明書が提供されれば、セッションが直ちに終了します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1221
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> = <quote>demand</quote> と同じです"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1225
msgid "Default: hard"
msgstr "初期値: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
+#: sssd-ldap.5.xml:1231
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
+#: sssd-ldap.5.xml:1234
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -3569,7 +3927,7 @@ msgstr ""
"書を含むファイルを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
+#: sssd-ldap.5.xml:1239 sssd-ldap.5.xml:1257 sssd-ldap.5.xml:1298
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -3578,12 +3936,12 @@ msgstr ""
"filename> にあります"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1246
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1249
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3596,38 +3954,39 @@ msgstr ""
"ます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1264
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1267
msgid "Specifies the file that contains the certificate for the client's key."
msgstr "クライアントのキーに対する証明書を含むファイルを指定します。"
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1271 sssd-ldap.5.xml:1283 sssd-ldap.5.xml:1344
+#: sssd-ldap.5.xml:2058 sssd-ldap.5.xml:2085 sssd-krb5.5.xml:359
+#: include/ldap_id_mapping.xml:145 include/ldap_id_mapping.xml:156
msgid "Default: not set"
msgstr "初期値: 設定されません"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1277
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1280
msgid "Specifies the file that contains the client's key."
msgstr "クライアントのキーを含むファイルを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
+#: sssd-ldap.5.xml:1289
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
+#: sssd-ldap.5.xml:1292
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3638,12 +3997,12 @@ msgstr ""
"<manvolnum>5</manvolnum></citerefentry> を参照してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1305
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1308
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -3652,12 +4011,32 @@ msgstr ""
"用する必要がある id_provider 接続を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1318
+#, fuzzy
+#| msgid "ldap_disable_paging (boolean)"
+msgid "ldap_id_mapping (boolean)"
+msgstr "ldap_disable_paging (論理値)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1321
+msgid ""
+"Specifies that SSSD should attempt to map user and group IDs from the "
+"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
+"on ldap_user_uid_number and ldap_group_gid_number."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1327
+msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1337
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1340
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -3665,18 +4044,13 @@ msgstr ""
"使用する SASL メカニズムを指定します。現在 GSSAPI のみがテストされサポートさ"
"れます。"
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr "初期値: none"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1350
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
+#: sssd-ldap.5.xml:1353
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
@@ -3685,17 +4059,17 @@ msgstr ""
"めに使用される Kerberos プリンシパルをディレクトリーに表現されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
+#: sssd-ldap.5.xml:1358
msgid "Default: host/machine.fqdn@REALM"
msgstr "初期値: host/machine.fqdn@REALM"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1364
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
+#: sssd-ldap.5.xml:1367
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
@@ -3704,33 +4078,33 @@ msgstr ""
"するために逆引きを実行します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
+#: sssd-ldap.5.xml:1372
msgid "Default: false;"
msgstr "初期値: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1378
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
+#: sssd-ldap.5.xml:1381
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr "SASL/GSSAPI を使用するときに使用するキーテーブルを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1384
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"初期値: システムのキーテーブル、通常 <filename>/etc/krb5.keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
+#: sssd-ldap.5.xml:1390
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
+#: sssd-ldap.5.xml:1393
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3741,27 +4115,27 @@ msgstr ""
"ます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1405
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1408
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "GSSAPI が使用されている場合、TGT の有効期間を秒単位で指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
+#: sssd-ldap.5.xml:1412
msgid "Default: 86400 (24 hours)"
msgstr "初期値: 86400 (24 時間)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1418 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr "krb5_server (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1421 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -3773,7 +4147,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1433 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -3784,7 +4158,7 @@ msgstr ""
"ば _tcp にフォールバックします。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1438 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -3795,39 +4169,41 @@ msgstr ""
"quote> を使用するよう設定ファイルを移行することが推奨されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1447 sssd-ipa.5.xml:235 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1450
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr "(SASL/GSSAPI 認証向け) Kerberos レルムを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
+#: sssd-ldap.5.xml:1453
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr "初期値: システムの初期値、<filename>/etc/krb5.conf</filename> 参照。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1459 sssd-ipa.5.xml:250 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1462
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
+"LDAP サーバーに接続するとき、ホストのプリンシパルが正規化されるかどうかを指定"
+"します。この機能は MIT Kerberos >= 1.7 で利用可能です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
+#: sssd-ldap.5.xml:1474
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
+#: sssd-ldap.5.xml:1477
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -3836,7 +4212,7 @@ msgstr ""
"す。以下の値が許容されます:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1482
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -3845,7 +4221,7 @@ msgstr ""
"ンはサーバー側のパスワードポリシーを無効にできません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
+#: sssd-ldap.5.xml:1487
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -3856,7 +4232,7 @@ msgstr ""
"manvolnum></citerefentry> 形式の属性を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
+#: sssd-ldap.5.xml:1493
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -3867,17 +4243,17 @@ msgstr ""
"とき、これらの属性を更新するために chpass_provider=krb5 を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1505
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1508
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr "自動参照追跡が有効化されるかを指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
+#: sssd-ldap.5.xml:1512
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
@@ -3885,29 +4261,38 @@ msgstr ""
"OpenLDAP バージョン 2.4.13 およびそれ以降とともにコンパイルされているとき、 "
"sssd のみが参照追跡をサポートすることに注意してください。"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1517
+msgid ""
+"Chasing referrals may incur a performance penalty in environments that use "
+"them heavily, a notable example is Microsoft Active Directory. If your setup "
+"does not in fact require the use of referrals, setting this option to false "
+"might bring a noticeable performance improvement."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1531
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1534
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"サービス検索が有効にされているときに使用するサービスの名前を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1538
msgid "Default: ldap"
msgstr "初期値: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1544
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
+#: sssd-ldap.5.xml:1547
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
@@ -3916,37 +4301,32 @@ msgstr ""
"を検索するために使用するサービスの名前を指定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1552
msgid "Default: not set, i.e. service discovery is disabled"
msgstr "初期値: 設定されていません、つまりサービス検索が無効にされています"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
+#: sssd-ldap.5.xml:1558
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1561
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
+"it will result in all users being denied access. Use access_provider = "
+"permit to change this default behavior."
msgstr ""
-"access_provider = ldap を使用しているならば、このオプションは必須です。このホ"
-"ストにおいてアクセスが許可されるユーザーに対して満たされる必要がある LDAP 検"
-"索フィルター基準を指定します。 access_provider = ldap かつこのオプションが設"
-"定されていないと、すべてのユーザーがアクセスを拒否される結果になります。この"
-"初期値による動作を変更するには access_provider = allow を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:1571 sssd-ldap.5.xml:2061
msgid "Example:"
msgstr "例:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
+#: sssd-ldap.5.xml:1574
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3958,7 +4338,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1578
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
@@ -3967,26 +4347,30 @@ msgstr ""
"ンバーに制限されることを意味します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
+#: sssd-ldap.5.xml:1583
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
"access during their last login, they will continue to be granted access "
"while offline and vice-versa."
msgstr ""
+"この機能に対するオフラインキャッシュは、ユーザーの最終オンラインログインがア"
+"クセス権を許可されたかどうかを決めることに制限されます。採集ログインの間にア"
+"クセスが許可されていると、オフラインの間にアクセスが許可され続けます。逆もま"
+"た同様です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1591 sssd-ldap.5.xml:1641
msgid "Default: Empty"
msgstr "初期値: 空白"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1597
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1600
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
@@ -3995,7 +4379,7 @@ msgstr ""
"ます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1604
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4006,12 +4390,12 @@ msgstr ""
"否します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1611
msgid "The following values are allowed:"
msgstr "以下の値が許可されます:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1614
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
@@ -4020,7 +4404,7 @@ msgstr ""
"ldap_user_shadow_expire の値を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1619
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4029,7 +4413,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1626
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4040,7 +4424,7 @@ msgstr ""
"ldap_ns_account_lock の値を使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
+#: sssd-ldap.5.xml:1632
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4053,28 +4437,28 @@ msgstr ""
"クセスが許可されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
+#: sssd-ldap.5.xml:1647
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
+#: sssd-ldap.5.xml:1650
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"アクセス制御オプションのカンマ区切り一覧です。許可される値は次のとおりです:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1654
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filter</emphasis>: ldap_access_filter を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1657
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr "<emphasis>expire</emphasis>: ldap_account_expire_policy を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1661
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -4083,30 +4467,30 @@ msgstr ""
"authorizedService 属性を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
+#: sssd-ldap.5.xml:1666
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
"<emphasis>host</emphasis>: アクセス権を決めるために host 属性を使用します"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1670
msgid "Default: filter"
msgstr "初期値: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1673
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr "値が複数使用されていると設定エラーになることに注意してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1680
msgid "ldap_deref (string)"
msgstr "ldap_deref (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
+#: sssd-ldap.5.xml:1683
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
@@ -4115,12 +4499,12 @@ msgstr ""
"ションが許容されます:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1688
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr "<emphasis>never</emphasis>: エイリアスが参照解決されません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1692
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -4129,7 +4513,7 @@ msgstr ""
"決されますが、検索のベースオブジェクトの位置を探すときはされません。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1697
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -4138,7 +4522,7 @@ msgstr ""
"すときのみ参照解決されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1702
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -4147,7 +4531,7 @@ msgstr ""
"きも位置を検索するときも参照解決されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1707
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -4171,57 +4555,57 @@ msgstr ""
"\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1718
msgid "SUDO OPTIONS"
msgstr "SUDO オプション"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1723
msgid "ldap_sudorule_object_class (string)"
msgstr "ldap_sudorule_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
+#: sssd-ldap.5.xml:1726
msgid "The object class of a sudo rule entry in LDAP."
msgstr "LDAP にある sudo ルールエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1729
msgid "Default: sudoRole"
msgstr "初期値: sudoRole"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1735
msgid "ldap_sudorule_name (string)"
msgstr "ldap_sudorule_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1738
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr "sudo ルール名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1748
msgid "ldap_sudorule_command (string)"
msgstr "ldap_sudorule_command (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1751
msgid "The LDAP attribute that corresponds to the command name."
msgstr "コマンド名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
+#: sssd-ldap.5.xml:1755
msgid "Default: sudoCommand"
msgstr "初期値: sudoCommand"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
+#: sssd-ldap.5.xml:1761
msgid "ldap_sudorule_host (string)"
msgstr "ldap_sudorule_host (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
+#: sssd-ldap.5.xml:1764
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
@@ -4230,17 +4614,17 @@ msgstr ""
"クグループ)に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
+#: sssd-ldap.5.xml:1769
msgid "Default: sudoHost"
msgstr "初期値: sudoHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1775
msgid "ldap_sudorule_user (string)"
msgstr "ldap_sudorule_user (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
+#: sssd-ldap.5.xml:1778
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
@@ -4249,49 +4633,49 @@ msgstr ""
"る LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
+#: sssd-ldap.5.xml:1782
msgid "Default: sudoUser"
msgstr "初期値: sudoUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1788
msgid "ldap_sudorule_option (string)"
msgstr "ldap_sudorule_option (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
+#: sssd-ldap.5.xml:1791
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr "sudo オプションに対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
+#: sssd-ldap.5.xml:1795
msgid "Default: sudoOption"
msgstr "初期値: sudoOption"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
+#: sssd-ldap.5.xml:1801
msgid "ldap_sudorule_runasuser (string)"
msgstr "ldap_sudorule_runasuser (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1804
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr "コマンドを実行するユーザー名に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
+#: sssd-ldap.5.xml:1808
msgid "Default: sudoRunAsUser"
msgstr "初期値: sudoRunAsUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
+#: sssd-ldap.5.xml:1814
msgid "ldap_sudorule_runasgroup (string)"
msgstr "ldap_sudorule_runasgroup (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
+#: sssd-ldap.5.xml:1817
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
@@ -4299,34 +4683,34 @@ msgstr ""
"コマンドを実行するグループ名またはグループの GID に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
+#: sssd-ldap.5.xml:1821
msgid "Default: sudoRunAsGroup"
msgstr "初期値: sudoRunAsGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
+#: sssd-ldap.5.xml:1827
msgid "ldap_sudorule_notbefore (string)"
msgstr "ldap_sudorule_notbefore (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
+#: sssd-ldap.5.xml:1830
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr "sudo ルールが有効になる開始日時に対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1834
msgid "Default: sudoNotBefore"
msgstr "初期値: sudoNotBefore"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
+#: sssd-ldap.5.xml:1840
msgid "ldap_sudorule_notafter (string)"
msgstr "ldap_sudorule_notafter (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
+#: sssd-ldap.5.xml:1843
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
@@ -4335,32 +4719,32 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1848
msgid "Default: sudoNotAfter"
msgstr "初期値: sudoNotAfter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1854
msgid "ldap_sudorule_order (string)"
msgstr "ldap_sudorule_order (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1857
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr "ルールの並び替えインデックスに対応する LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
+#: sssd-ldap.5.xml:1861
msgid "Default: sudoOrder"
msgstr "初期値: sudoOrder"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1867
msgid "ldap_sudo_refresh_enabled (boolean)"
msgstr "ldap_sudo_refresh_enabled (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1870
msgid ""
"Enables periodical download of all sudo rules. The cache is purged before "
"each update."
@@ -4369,24 +4753,24 @@ msgstr ""
"れの更新前に掃除されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1880
msgid "ldap_sudo_refresh_timeout (integer)"
msgstr "ldap_sudo_refresh_timeout (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
+#: sssd-ldap.5.xml:1883
msgid ""
"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
msgstr ""
"SSSD が sudo ルールのキャッシュを更新する前に待たなければいけない秒数です。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1721
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1894
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -4398,59 +4782,59 @@ msgstr ""
"refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してください"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1904
msgid "AUTOFS OPTIONS"
msgstr "AUTOFS オプション"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
+#: sssd-ldap.5.xml:1906
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr "初期値は RFC2307 の標準スキーマに対応することに注意してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1913
msgid "ldap_autofs_map_object_class (string)"
msgstr "ldap_autofs_map_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1916 sssd-ldap.5.xml:1942
msgid "The object class of an automount map entry in LDAP."
msgstr "LDAP にある automount マップエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1919 sssd-ldap.5.xml:1946
msgid "Default: automountMap"
msgstr "初期値: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
+#: sssd-ldap.5.xml:1926
msgid "ldap_autofs_map_name (string)"
msgstr "ldap_autofs_map_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
+#: sssd-ldap.5.xml:1929
msgid "The name of an automount map entry in LDAP."
msgstr "LDAP における automount のマップエントリーの名前です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
+#: sssd-ldap.5.xml:1932
msgid "Default: ou"
msgstr "初期値: ou"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1939
msgid "ldap_autofs_entry_object_class (string)"
msgstr "ldap_autofs_entry_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1953
msgid "ldap_autofs_entry_key (string)"
msgstr "ldap_autofs_entry_key (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
+#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:1970
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
@@ -4459,17 +4843,17 @@ msgstr ""
"ントと対応します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1967
msgid "ldap_autofs_entry_value (string)"
msgstr "ldap_autofs_entry_value (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1974
msgid "Default: automountInformation"
msgstr "初期値: automountInformation"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1911
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -4482,17 +4866,17 @@ msgstr ""
"\"variablelist\" id=\"4\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
+#: sssd-ldap.5.xml:1983
msgid "ADVANCED OPTIONS"
msgstr "高度なオプション"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
+#: sssd-ldap.5.xml:1990
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
+#: sssd-ldap.5.xml:1993
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
@@ -4500,34 +4884,34 @@ msgstr ""
"ス DN です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:2009
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
+#: sssd-ldap.5.xml:2012
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
"ユーザーの検索を特定のサブツリーに制限するためのオプションのベース DN です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
+#: sssd-ldap.5.xml:2028
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:2031
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
"グループの検索を特定のサブツリーに制限するためのオプションのベース DN です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:2047
msgid "ldap_user_search_filter (string)"
msgstr "ldap_user_search_filter (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
+#: sssd-ldap.5.xml:2050
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
@@ -4536,7 +4920,7 @@ msgstr ""
"定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
+#: sssd-ldap.5.xml:2054
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
@@ -4545,7 +4929,7 @@ msgstr ""
"<emphasis>廃止されます</emphasis>。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2064
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -4555,7 +4939,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
+#: sssd-ldap.5.xml:2067
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
@@ -4564,12 +4948,12 @@ msgstr ""
"制限されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2074
msgid "ldap_group_search_filter (string)"
msgstr "ldap_group_search_filter (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
+#: sssd-ldap.5.xml:2077
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
@@ -4578,7 +4962,7 @@ msgstr ""
"定します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2081
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
@@ -4587,12 +4971,12 @@ msgstr ""
"<emphasis>廃止されます</emphasis>。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2091
msgid "ldap_sudo_search_base (string)"
msgstr "ldap_sudo_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2094
msgid ""
"An optional base DN to restrict sudo rules searches to a specific subtree."
msgstr ""
@@ -4600,12 +4984,12 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
+#: sssd-ldap.5.xml:2113
msgid "ldap_autofs_search_base (string)"
msgstr "ldap_autofs_search_base (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
+#: sssd-ldap.5.xml:2116
msgid ""
"An optional base DN to restrict automounter searches to a specific subtree."
msgstr ""
@@ -4613,7 +4997,7 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1985
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4624,7 +5008,7 @@ msgstr ""
"さい。 <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2147
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4635,7 +5019,7 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
+#: sssd-ldap.5.xml:2153
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4656,19 +5040,19 @@ msgstr ""
" cache_credentials = true\n"
" enumerate = true\n"
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
+#. type: Content of: <refsect1><refsect2><para>
+#: sssd-ldap.5.xml:2152 sssd-simple.5.xml:134 sssd-ipa.5.xml:571
+#: sssd-krb5.5.xml:441 include/ldap_id_mapping.xml:63
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:2166 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr "注記"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
+#: sssd-ldap.5.xml:2168
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4681,7 +5065,7 @@ msgstr ""
"づいています。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
+#: sssd-ldap.5.xml:2179
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -4815,6 +5199,10 @@ msgid ""
"calling PAM handles the user dialog on its own. A typical example is "
"<command>sshd</command> with <option>PasswordAuthentication</option>."
msgstr ""
+"このオプションは、アプリケーションが呼び出す PAM が自身においてユーザーダイア"
+"ログを処理すると仮定して動作しません。典型的な例は "
+"<option>PasswordAuthentication</option> を用いた <command>sshd</command> で"
+"す。"
#. type: Content of: <reference><refentry><refsect1><title>
#: pam_sss.8.xml:110
@@ -4842,6 +5230,9 @@ msgid ""
"does not support password resets, an individual message can be displayed. "
"This message can e.g. contain instructions about how to reset a password."
msgstr ""
+"対応する SSSD プロバイダーがパスワードリセットをサポートしないため、root によ"
+"るパスワードリセットが失敗すると、それぞれのメッセージが表示されます。たとえ"
+"ば、このメッセージはパスワードをリセットする方法に関する説明があります。"
#. type: Content of: <reference><refentry><refsect1><para>
#: pam_sss.8.xml:123
@@ -4906,6 +5297,12 @@ msgid ""
"libraries it reads and evaluates these variables and returns them to the "
"libraries."
msgstr ""
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry> は、レルム、および KDC の名前または IP アドレスを、それぞれ "
+"SSSD_KRB5_REALM および SSSD_KRB5_KDC の中に置きます。"
+"<command>sssd_krb5_locator_plugin</command> が Kerberos ライブラリーにより呼"
+"び出されるとき、それがこれらの変数を読み込み、評価し、ライブラリーに返しま"
+"す。"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:63
@@ -4914,6 +5311,10 @@ msgid ""
"<command>sssd_krb5_locator_plugin</command> is not available on your system "
"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
msgstr ""
+"すべての Kerberos 実装がプラグインの使用をサポートしているとは限りません。 "
+"<command>sssd_krb5_locator_plugin</command> がシステムにおいて利用可能でなけ"
+"れば、Kerberos の構築を反映するように /etc/krb5.conf を編集する必要がありま"
+"す。"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd_krb5_locator_plugin.8.xml:69
@@ -5152,6 +5553,11 @@ msgid ""
"krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> authentication "
"provider with some exceptions described below."
msgstr ""
+"IPA プロバイダーは <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> 識別プロバイダーおよび "
+"<citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> 認証プロバイダーにより使用されるものと同じオプショ"
+"ンを受け付けます。いくつかの例外は以下に説明されています。"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-ipa.5.xml:55
@@ -5162,6 +5568,12 @@ msgid ""
"freeipa.org for more information about HBAC. No configuration of access "
"provider is required on the client side."
msgstr ""
+"しかし、これらのオプションを設定することは必要ありません、また推奨もされませ"
+"ん。IPA プロバイダーはアクセスプロバイダーおよびパスワード変更プロバイダーと"
+"しても使用できます。アクセスプロバイダーとしては、HBAC (ホストベースアクセス"
+"制御) ルールを使用します。HBAC の詳細は freeipa.org を参照してください。アク"
+"セスプロバイダーが設定されていなければ、クライアント側において必要になりま"
+"す。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-ipa.5.xml:72
@@ -5302,12 +5714,35 @@ msgstr ""
"して使用します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:199
+#, fuzzy
+#| msgid "ipa_hbac_search_base (string)"
+msgid "ipa_subdomains_search_base (string)"
+msgstr "ipa_hbac_search_base (文字列)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:202
+#, fuzzy
+#| msgid "Optional. Use the given string as search base for host objects."
+msgid "Optional. Use the given string as search base for trusted domains."
+msgstr ""
+"オプションです。ホストオブジェクトの検索ベースとして与えられた文字列を使用し"
+"ます。"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+#, fuzzy
+#| msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
+msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgstr "初期値: <emphasis>ldap_search_base</emphasis> の値"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:218 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:221 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
@@ -5315,7 +5750,7 @@ msgstr ""
"取得された TGT が改ざんされていないかを krb5_keytab の支援で確認します。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
+#: sssd-ipa.5.xml:228
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -5324,7 +5759,7 @@ msgstr ""
"してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
+#: sssd-ipa.5.xml:238
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
@@ -5333,7 +5768,7 @@ msgstr ""
"quote> の値です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:242
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
@@ -5342,7 +5777,7 @@ msgstr ""
"めに使用するベース DN に変換されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
+#: sssd-ipa.5.xml:253
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -5352,12 +5787,12 @@ msgstr ""
"するかを指定します。この機能は MIT Kerberos >= 1.7 で利用可能です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
+#: sssd-ipa.5.xml:266
msgid "ipa_hbac_refresh (integer)"
msgstr "ipa_hbac_refresh (整数)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
+#: sssd-ipa.5.xml:269
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -5365,17 +5800,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
+#: sssd-ipa.5.xml:276
msgid "Default: 5 (seconds)"
msgstr "初期値: 5 (秒)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
+#: sssd-ipa.5.xml:281
msgid "ipa_hbac_treat_deny_as (string)"
msgstr "ipa_hbac_treat_deny_as (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
+#: sssd-ipa.5.xml:284
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -5389,7 +5824,7 @@ msgstr ""
"操作をサポートします:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
+#: sssd-ipa.5.xml:293
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
@@ -5398,7 +5833,7 @@ msgstr ""
"てのユーザーがアクセスを拒否されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
+#: sssd-ipa.5.xml:298
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
@@ -5408,17 +5843,17 @@ msgstr ""
"注意してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
+#: sssd-ipa.5.xml:303
msgid "Default: DENY_ALL"
msgstr "初期値: DENY_ALL"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
+#: sssd-ipa.5.xml:308
msgid "ipa_hbac_support_srchost (boolean)"
msgstr "ipa_hbac_support_srchost (論理値)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:311
msgid ""
"If this is set to false, then srchost as given to SSSD by PAM will be "
"ignored."
@@ -5427,7 +5862,7 @@ msgstr ""
"す。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
+#: sssd-ipa.5.xml:315
msgid ""
"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
@@ -5437,37 +5872,37 @@ msgstr ""
"ようになることに注意してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
+#: sssd-ipa.5.xml:326
msgid "ipa_automount_location (string)"
msgstr "ipa_automount_location (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
+#: sssd-ipa.5.xml:329
msgid "The automounter location this IPA client will be using"
msgstr "この IPA クライアントが使用する automounter の場所です"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
+#: sssd-ipa.5.xml:332
msgid "Default: The location named \"default\""
msgstr "初期値: \"default\" という名前の場所"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:338
msgid "ipa_netgroup_member_of (string)"
msgstr "ipa_netgroup_member_of (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
+#: sssd-ipa.5.xml:341
msgid "The LDAP attribute that lists netgroup's memberships."
msgstr "ネットワークグループのメンバーを一覧にする LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
+#: sssd-ipa.5.xml:350
msgid "ipa_netgroup_member_user (string)"
msgstr "ipa_netgroup_member_user (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
+#: sssd-ipa.5.xml:353
msgid ""
"The LDAP attribute that lists system users and groups that are direct "
"members of the netgroup."
@@ -5476,17 +5911,17 @@ msgstr ""
"る LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:358 sssd-ipa.5.xml:453
msgid "Default: memberUser"
msgstr "初期値: memberUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
+#: sssd-ipa.5.xml:363
msgid "ipa_netgroup_member_host (string)"
msgstr "ipa_netgroup_member_host (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:366
msgid ""
"The LDAP attribute that lists hosts and host groups that are direct members "
"of the netgroup."
@@ -5495,17 +5930,17 @@ msgstr ""
"LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:370 sssd-ipa.5.xml:465
msgid "Default: memberHost"
msgstr "初期値: memberHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:375
msgid "ipa_netgroup_member_ext_host (string)"
msgstr "ipa_netgroup_member_ext_host (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
+#: sssd-ipa.5.xml:378
msgid ""
"The LDAP attribute that lists FQDNs of hosts and host groups that are "
"members of the netgroup."
@@ -5514,100 +5949,100 @@ msgstr ""
"る LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
+#: sssd-ipa.5.xml:382
msgid "Default: externalHost"
msgstr "初期値: externalHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
+#: sssd-ipa.5.xml:387
msgid "ipa_netgroup_domain (string)"
msgstr "ipa_netgroup_domain (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:390
msgid "The LDAP attribute that contains NIS domain name of the netgroup."
msgstr "ネットワークグループの NIS ドメイン名を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
+#: sssd-ipa.5.xml:394
msgid "Default: nisDomainName"
msgstr "初期値: nisDomainName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
+#: sssd-ipa.5.xml:400
msgid "ipa_host_object_class (string)"
msgstr "ipa_host_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
+#: sssd-ipa.5.xml:403 sssd-ipa.5.xml:426
msgid "The object class of a host entry in LDAP."
msgstr "LDAP にあるホストエントリーのオブジェクトクラスです。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
+#: sssd-ipa.5.xml:406 sssd-ipa.5.xml:429
msgid "Default: ipaHost"
msgstr "初期値: ipaHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:411
msgid "ipa_host_fqdn (string)"
msgstr "ipa_host_fqdn (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
+#: sssd-ipa.5.xml:414
msgid "The LDAP attribute that contains FQDN of the host."
msgstr "ホストの FQDN を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
+#: sssd-ipa.5.xml:417
msgid "Default: fqdn"
msgstr "初期値: fqdn"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
+#: sssd-ipa.5.xml:423
msgid "ipa_selinux_usermap_object_class (string)"
msgstr "ipa_selinux_usermap_object_class (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
+#: sssd-ipa.5.xml:434
msgid "ipa_selinux_usermap_name (string)"
msgstr "ipa_selinux_usermap_name (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:437
msgid "The LDAP attribute that contains the name of SELinux usermap."
msgstr "SELinux ユーザーマップの名前を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:446
msgid "ipa_selinux_usermap_member_user (string)"
msgstr "ipa_selinux_usermap_member_user (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
+#: sssd-ipa.5.xml:449
msgid ""
"The LDAP attribute that contains all users / groups this rule match against."
msgstr "このルールが一致するすべてのユーザー・グループを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
+#: sssd-ipa.5.xml:458
msgid "ipa_selinux_usermap_member_host (string)"
msgstr "ipa_selinux_usermap_member_host (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
+#: sssd-ipa.5.xml:461
msgid ""
"The LDAP attribute that contains all hosts / hostgroups this rule match "
"against."
msgstr "このルールが一致するホスト・ホストグループを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:470
msgid "ipa_selinux_usermap_see_also (string)"
msgstr "ipa_selinux_usermap_see_also (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:473
msgid ""
"The LDAP attribute that contains DN of HBAC rule which can be used for "
"matching instead of memberUser and memberHost"
@@ -5616,32 +6051,32 @@ msgstr ""
"む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
+#: sssd-ipa.5.xml:478
msgid "Default: seeAlso"
msgstr "初期値: seeAlso"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
+#: sssd-ipa.5.xml:483
msgid "ipa_selinux_usermap_selinux_user (string)"
msgstr "ipa_selinux_usermap_selinux_user (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:486
msgid "The LDAP attribute that contains SELinux user string itself."
msgstr "SELinux ユーザー文字列自身を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:490
msgid "Default: ipaSELinuxUser"
msgstr "初期値: ipaSELinuxUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
+#: sssd-ipa.5.xml:495
msgid "ipa_selinux_usermap_enabled (string)"
msgstr "ipa_selinux_usermap_enabled (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
+#: sssd-ipa.5.xml:498
msgid ""
"The LDAP attribute that contains whether or not is user map enabled for "
"usage."
@@ -5649,72 +6084,72 @@ msgstr ""
"ユーザーマップが使用するために有効化されているかどうかを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:502
msgid "Default: ipaEnabledFlag"
msgstr "初期値: ipaEnabledFlag"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
+#: sssd-ipa.5.xml:507
msgid "ipa_selinux_usermap_user_category (string)"
msgstr "ipa_selinux_usermap_user_category (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:510
msgid "The LDAP attribute that contains user category such as 'all'."
msgstr "'all' のようなユーザーカテゴリーを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
+#: sssd-ipa.5.xml:514
msgid "Default: userCategory"
msgstr "初期値: userCategory"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:519
msgid "ipa_selinux_usermap_host_category (string)"
msgstr "ipa_selinux_usermap_host_category (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:522
msgid "The LDAP attribute that contains host category such as 'all'."
msgstr "'all' のようなホストカテゴリーを含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
+#: sssd-ipa.5.xml:526
msgid "Default: hostCategory"
msgstr "初期値: hostCategory"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:531
msgid "ipa_selinux_usermap_uuid (string)"
msgstr "ipa_selinux_usermap_uuid (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
+#: sssd-ipa.5.xml:534
msgid "The LDAP attribute that contains unique ID of the user map."
msgstr "ユーザーマップの一意な ID を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
+#: sssd-ipa.5.xml:538
msgid "Default: ipaUniqueID"
msgstr "初期値: ipaUniqueID"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
+#: sssd-ipa.5.xml:543
msgid "ipa_host_ssh_public_key (string)"
msgstr "ipa_host_ssh_public_key (文字列)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
+#: sssd-ipa.5.xml:546
msgid "The LDAP attribute that contains the host's SSH public keys."
msgstr "ホストの SSH 公開鍵を含む LDAP 属性です。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:550
msgid "Default: ipaSshPubKey"
msgstr "初期値: ipaSshPubKey"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:565
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -5725,7 +6160,7 @@ msgstr ""
"例は IPA プロバイダー固有のオプションのみを示しています。"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:572
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -5739,7 +6174,7 @@ msgstr ""
" ipa_hostname = myhost.example.com\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
+#: sssd-ipa.5.xml:583
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -5785,6 +6220,13 @@ msgid ""
"FreeIPA. It provides a more robust database to store local users as well as "
"extended user data."
msgstr ""
+"<command>SSSD</command> はリモートディレクトリーへのアクセスと認証メカニズム"
+"を管理するための一組のデーモンを提供します。システムへの NSS と PAM インター"
+"フェースを提供します。また、D-Bus インターフェースのように複数の異なるアカウ"
+"ントソースに接続するための取り外し可能なバックエンドシステムを提供します。ク"
+"ライアント監査、およびFreeIPA のようなプロジェクトに対するポリシーサービスを"
+"提供する基礎となります。ローカルユーザーだけでなく拡張ユーザーデータを保存す"
+"るためのより強靭なデータベースを提供します。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:46
@@ -5828,11 +6270,6 @@ msgstr ""
msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
msgstr "<emphasis>0</emphasis>: 日時でマイクロ秒を無効にします"
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr "初期値: 0"
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:85
msgid "<option>-f</option>,<option>--debug-to-files</option>"
@@ -5845,6 +6282,9 @@ msgid ""
"are stored in <filename>/var/log/sssd</filename> and there are separate log "
"files for every SSSD service and domain."
msgstr ""
+"デバッグ出力を標準エラーの代わりにファイルに送信します。初期状態で、ログファ"
+"イルは <filename>/var/log/sssd</filename> に保存され、すべての SSSD サービス"
+"とドメインに対して別々のログファイルがあります。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:97
@@ -6042,6 +6482,10 @@ msgid ""
"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
"advised."
msgstr ""
+"パスワードをわかりにくくすることは、攻撃者がパスワードをリバースエンジニアリ"
+"ングできるので <emphasis>実際にセキュリティの便益</emphasis> は提供されませ"
+"ん。クライアントサイド証明書や GSSAPI のようなより良い認証機構を使用すること"
+"を <emphasis>強く</emphasis> 推奨します。"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_obfuscate.8.xml:63
@@ -6295,7 +6739,7 @@ msgstr ""
"値を使います。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
+#: sss_useradd.8.xml:171
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6351,6 +6795,13 @@ msgid ""
"page for the applicable identity provider for details on how to configure "
"this."
msgstr ""
+"Kerberos 5 認証バックエンドは認証プロバイダーおよびパスワード変更プロバイダー"
+"を含みます。正しく機能するためには識別プロダイバーと組み合わせて使用する必要"
+"があります (たとえば、id_provider = ldap)。Kerberos 5 認証バックエンドにより"
+"必要とされるいくつかの情報は、ユーザーの Kerberos プリンシパル名 (UPN) のよう"
+"な、識別プロバイダーにより提供される必要があります。識別プロバイダーの設定は "
+"UPN を指定するためのエントリーがある必要があります。これを設定する方法に関す"
+"る詳細は適用可能な識別プロバイダーのマニュアルページを参照してください。"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:47
@@ -6362,6 +6813,12 @@ msgid ""
"To activate this feature use 'access_provider = krb5' in your sssd "
"configuration."
msgstr ""
+"このバックエンドは、ユーザーのホームディレクトリーにある .k5login ファイルに"
+"基づいたアクセス制御を提供します。詳細は <citerefentry> <refentrytitle>."
+"k5login</refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してく"
+"ださい。空の .k5login ファイルがあると、このユーザーに対するすべてのアクセス"
+"が拒否されます。この機能を有効にするには、SSSD 設定において 'access_provider "
+"= krb5' を使用します。"
#. type: Content of: <reference><refentry><refsect1><para>
#: sssd-krb5.5.xml:55
@@ -6393,6 +6850,9 @@ msgid ""
"can be defined here. An optional port number (preceded by a colon) may be "
"appended to the addresses or hostnames."
msgstr ""
+"パスワード変更サービスが KDC において実行されていなければ、代替サーバーがここ"
+"で指定できます。オプションのポート番号が(コロンに続けて)アドレスまたはホス"
+"ト名に追加できます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:122
@@ -6402,6 +6862,10 @@ msgid ""
"kpasswd servers to try the back end is not switch to offline if "
"authentication against the KDC is still possible."
msgstr ""
+"フェイルオーバーとサーバー冗長性に関する詳細は、<quote>フェイルオーバー</"
+"quote>のセクションを参照してください。KDC に対する認証がまだ可能であるなら"
+"ば、たとえすべての kpasswd サーバーがなかったとしても、バックエンドをオフライ"
+"ンに切り替えないことに注意してください。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:129
@@ -6424,6 +6888,13 @@ msgid ""
"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> </"
"citerefentry> for details) is created."
msgstr ""
+"クレディンシャルキャッシュを保存するディレクトリーです。すべての "
+"krb5_ccname_template の置換シーケンスが、%d と %P を除き、ここで使用できま"
+"す。ディレクトリーが存在しなければ、作成されます。%u, %U, %p または %h が使用"
+"されていると、ユーザーが所属するプライベートディレクトリーが作成されます。そ"
+"うでなければ、削除制限フラグ(つまりスティッキービットです、詳細は "
+"<citerefentry> <refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> "
+"</citerefentry> を参照してください)を持つ公開ディレクトリーが作成されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:151
@@ -6494,6 +6965,11 @@ msgid ""
"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
"way."
msgstr ""
+"ユーザーのクレディンシャルキャッシュの位置です。現在、ファイルベースのクレ"
+"ディンシャルキャッシュのみがサポートされます。テンプレートにおいて、以下の"
+"シーケンスが置換されます: <placeholder type=\"variablelist\" id=\"0\"/> テン"
+"プレートが 'XXXXXX' で終わっていると、 mkstemp(3) が安全な方法で一意なファイ"
+"ル名を作成するために使用されます。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-krb5.5.xml:209
@@ -6554,6 +7030,9 @@ msgid ""
"Passwords stored in this way are kept in plaintext in the kernel keyring and "
"are potentially accessible by the root user (with difficulty)."
msgstr ""
+"この機能は現在 Linux プラットフォームにおいてのみ利用可能なことに注意してくだ"
+"さい。この方法で保存したパスワードは、カーネルのキーリングに平文で保持され、"
+"潜在的に root ユーザーによりアクセスできる可能性があります(難しいです)。"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#: sssd-krb5.5.xml:275
@@ -6761,6 +7240,9 @@ msgid ""
"example shows only configuration of Kerberos authentication, it does not "
"include any identity provider."
msgstr ""
+"以下の例は、SSSD が正しく設定され、FOO が <replaceable>[sssd]</replaceable> "
+"セクションにあるドメインの 1 つであると仮定しています。この例は Kerberos 認証"
+"の設定のみを示し、識別プロバイダーを何も含みません。"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#: sssd-krb5.5.xml:442
@@ -6838,7 +7320,7 @@ msgstr ""
"いと、自動的に選択されます。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
+#: sss_groupadd.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6944,7 +7426,7 @@ msgid "Before actually deleting the user, terminate all his processes."
msgstr "実際にユーザーを削除する前に、そのプロセスをすべて停止します。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
+#: sss_userdel.8.xml:97
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6997,7 +7479,7 @@ msgstr ""
"り識別されるグループをシステムから削除します。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
+#: sss_groupdel.8.xml:50
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -7065,7 +7547,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
+#: sss_groupshow.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -7171,7 +7653,7 @@ msgid "The SELinux user for the user's login."
msgstr "ユーザーのログインのための SELinux ユーザーです。"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
+#: sss_usermod.8.xml:142
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -7305,6 +7787,85 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:108
+#, fuzzy
+#| msgid ""
+#| "<option>-u</option>,<option>--user</option> <replaceable>login</"
+#| "replaceable>"
+msgid ""
+"<option>-s</option>,<option>--service</option> <replaceable>service</"
+"replaceable>"
+msgstr ""
+"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:113
+#, fuzzy
+#| msgid "Invalidate specific user."
+msgid "Invalidate specific service."
+msgstr "特定のユーザーを無効にします。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:119
+#, fuzzy
+#| msgid "<option>-U</option>,<option>--users</option>"
+msgid "<option>-S</option>,<option>--services</option>"
+msgstr "<option>-U</option>,<option>--users</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:123
+#, fuzzy
+#| msgid ""
+#| "Invalidate all user records. This option overrides invalidation of "
+#| "specific user if it was also set."
+msgid ""
+"Invalidate all service records. This option overrides invalidation of "
+"specific service if it was also set."
+msgstr ""
+"すべてのユーザーレコードを無効にします。このオプションも設定されていると、こ"
+"れが特定のユーザーの無効化を上書きします。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:130
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+#| "replaceable>"
+msgid ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
+"replaceable>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:135
+#, fuzzy
+#| msgid "Invalidate specific user."
+msgid "Invalidate specific autofs maps."
+msgstr "特定のユーザーを無効にします。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:141
+#, fuzzy
+#| msgid "<option>-U</option>,<option>--users</option>"
+msgid "<option>-A</option>,<option>--autofs-maps</option>"
+msgstr "<option>-U</option>,<option>--users</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:145
+#, fuzzy
+#| msgid ""
+#| "Invalidate all user records. This option overrides invalidation of "
+#| "specific user if it was also set."
+msgid ""
+"Invalidate all autofs maps. This option overrides invalidation of specific "
+"map if it was also set."
+msgstr ""
+"すべてのユーザーレコードを無効にします。このオプションも設定されていると、こ"
+"れが特定のユーザーの無効化を上書きします。"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:152
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
"replaceable>"
@@ -7313,7 +7874,7 @@ msgstr ""
"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:113
+#: sss_cache.8.xml:157
msgid "Restrict invalidation process only to a particular domain."
msgstr "無効化プロセスを特定のドメインのみに制限します。"
@@ -7609,7 +8170,7 @@ msgstr ""
"るための適切なサービスを自動的に検索できます。"
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
msgid "Configuration"
msgstr "設定"
@@ -7735,6 +8296,253 @@ msgid ""
"offline mode, and then attempts to reconnect every 30 seconds."
msgstr ""
+#. type: Content of: <refsect1><title>
+#: include/ldap_id_mapping.xml:2
+msgid "ID MAPPING"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:4
+msgid ""
+"The ID-mapping feature allows SSSD to act as a client of Active Directory "
+"without requiring administrators to extend user attributes to support POSIX "
+"attributes for user and group identifiers."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:9
+msgid ""
+"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
+"ignored. This is to avoid the possibility of conflicts between automatically-"
+"assigned and manually-assigned values. If you need to use manually-assigned "
+"values, ALL values must be manually-assigned."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:17
+msgid "Mapping Algorithm"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:19
+msgid ""
+"Active Directory provides an objectSID for every user and group object in "
+"the directory. This objectSID can be broken up into components that "
+"represent the Active Directory domain identity and the relative identifier "
+"(RID) of the user or group object."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:25
+msgid ""
+"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
+"into equally-sized component sections - called \"slices\"-. Each slice "
+"represents the space available to an Active Directory domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:31
+msgid ""
+"When a user or group entry for a particular domain is encountered for the "
+"first time, the SSSD allocates one of the available slices for that domain. "
+"In order to make this slice-assignment repeatable on different client "
+"machines, we select the slice based on the following algorithm:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:38
+msgid ""
+"The SID string is passed through the murmurhash3 algorithm to convert it to "
+"a 32-bit hashed value. We then take the modulus of this value with the total "
+"number of available slices to pick the slice."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:44
+msgid ""
+"NOTE: It is possible to encounter collisions in the hash and subsequent "
+"modulus. In these situations, we will select the next available slice, but "
+"it may not be possible to reproduce the same exact set of slices on other "
+"machines (since the order that they are encountered will determine their "
+"slice). In this situation, it is recommended to either switch to using "
+"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
+"configure a default domain to guarantee that at least one is always "
+"consistent. See <quote>Configuration</quote> for details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:59
+msgid ""
+"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><programlisting>
+#: include/ldap_id_mapping.xml:64
+#, no-wrap
+msgid ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:69
+msgid ""
+"The default configuration results in configuring 10,000 slices, each capable "
+"of holding up to 200,000 IDs, starting from 10,001 and going up to "
+"2,000,100,000. This should be sufficient for most deployments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><title>
+#: include/ldap_id_mapping.xml:75
+#, fuzzy
+#| msgid "Configuration"
+msgid "Advanced Configuration"
+msgstr "設定"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:78
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_min (integer)"
+msgstr "ldap_page_size (整数)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:81
+msgid ""
+"Specifies the lower bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:85
+msgid ""
+"NOTE: This option is different from <quote>id_mn</quote> in that "
+"<quote>id_min</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_min</"
+"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:95
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 10001"
+msgstr "初期値: 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:100
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_max (integer)"
+msgstr "ldap_page_size (整数)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:103
+msgid ""
+"Specifies the upper bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:107
+msgid ""
+"NOTE: This option is different from <quote>id_max</quote> in that "
+"<quote>id_max</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_max</"
+"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:117
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 2000100000"
+msgstr "初期値: 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:122
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_size (integer)"
+msgstr "ldap_page_size (整数)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:125
+msgid ""
+"Specifies the number of IDs available for each slice. If the range size "
+"does not divide evenly into the min and max values, it will create as many "
+"complete slices as it can."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:131
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 200000"
+msgstr "初期値: 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:136
+#, fuzzy
+#| msgid "ldap_default_bind_dn (string)"
+msgid "ldap_idmap_default_domain_sid (string)"
+msgstr "ldap_default_bind_dn (文字列)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:139
+msgid ""
+"Specify the domain SID of the default domain. This will guarantee that this "
+"domain will always be assigned to slice zero in the ID map, bypassing the "
+"murmurhash algorithm described above."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:150
+#, fuzzy
+#| msgid "ldap_default_bind_dn (string)"
+msgid "ldap_idmap_default_domain (string)"
+msgstr "ldap_default_bind_dn (文字列)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:153
+#, fuzzy
+#| msgid "The type of the authentication token of the default bind DN."
+msgid "Specify the name of the default domain."
+msgstr "初期バインド DN の認証トークンの形式です。"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:161
+#, fuzzy
+#| msgid "ldap_id_use_start_tls (boolean)"
+msgid "ldap_idmap_autorid_compat (boolean)"
+msgstr "ldap_id_use_start_tls (論理値)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:164
+msgid ""
+"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
+"winbind's <quote>idmap_autorid</quote> algorithm."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:169
+msgid ""
+"When this option is configured, domains will be allocated starting with "
+"slice zero and increasing monatomically with each additional domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:174
+msgid ""
+"NOTE: This algorithm is non-deterministic (it depends on the order that "
+"users and groups are requested). If this mode is required for compatibility "
+"with machines running winbind, it is recommended to also use the "
+"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
+"least one domain is consistently allocated to slice zero."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-h</option>,<option>--help</option>"
@@ -7876,3 +8684,33 @@ msgid ""
msgstr ""
"<emphasis> これは実験的な機能です、何らかの問題を報告するには http://"
"fedorahosted.org/sssd を使用してください。 </emphasis>"
+
+#. type: Content of: <refsect1><title>
+#: include/local.xml:2
+msgid "THE LOCAL DOMAIN"
+msgstr "ローカルドメイン"
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:4
+msgid ""
+"In order to function correctly, a domain with <quote>id_provider=local</"
+"quote> must be created and the SSSD must be running."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:9
+msgid ""
+"The administrator might want to use the SSSD local users instead of "
+"traditional UNIX users in cases where the group nesting (see <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>) is needed. The local users are also useful for testing and "
+"development of the SSSD without having to deploy a full remote server. The "
+"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
+"local LDB storage to store users and groups."
+msgstr ""
+
+#~ msgid "Default: 7"
+#~ msgstr "初期値: 7"
+
+#~ msgid "<quote>permit</quote> always allow access."
+#~ msgstr "<quote>permit</quote> は常にアクセスを許可します。"
diff --git a/src/man/po/nl.po b/src/man/po/nl.po
index 914f8c4d..21a1b199 100644
--- a/src/man/po/nl.po
+++ b/src/man/po/nl.po
@@ -8,8 +8,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-03-12 16:37-0300\n"
-"PO-Revision-Date: 2012-03-08 11:52+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0300\n"
+"PO-Revision-Date: 2012-04-20 17:34+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Dutch (http://www.transifex.net/projects/p/fedora/language/"
"nl/)\n"
@@ -128,18 +128,18 @@ msgstr ""
"replaceable> parameter."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:74 sssd.conf.5.xml:1585 sssd-ldap.5.xml:2177
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sssd-ipa.5.xml:581 sssd.8.xml:191 sss_obfuscate.8.xml:103
+#: sss_useradd.8.xml:169 sssd-krb5.5.xml:451 sss_groupadd.8.xml:60
+#: sss_userdel.8.xml:95 sss_groupdel.8.xml:48 sss_groupshow.8.xml:60
+#: sss_usermod.8.xml:140 sss_ssh_authorizedkeys.1.xml:96
#: sss_ssh_knownhostsproxy.1.xml:95
msgid "SEE ALSO"
msgstr "ZIE OOK"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
+#: sss_groupmod.8.xml:76
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -264,7 +264,7 @@ msgid "The [sssd] section"
msgstr "De [sssd] sectie"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1431
msgid "Section parameters"
msgstr "Sectie parameters"
@@ -297,16 +297,18 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:88
msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
+"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
+"\"with_ssh\">, ssh</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
+#: sssd.conf.5.xml:96 sssd.conf.5.xml:288
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
+#: sssd.conf.5.xml:99 sssd.conf.5.xml:291
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -315,17 +317,17 @@ msgstr ""
"Data Aanbieder crashed of opnieuw start voordat dit opgegeven wordt"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
+#: sssd.conf.5.xml:104 sssd.conf.5.xml:296
msgid "Default: 3"
msgstr "Standaard: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:109
msgid "domains"
msgstr "domeinen"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:112
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -338,12 +340,12 @@ msgstr ""
"lijst van domeinen in de volgorde die SSSD ze moet aflopen."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
+#: sssd.conf.5.xml:122
msgid "re_expression (string)"
msgstr "re_expression (tekst)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
+#: sssd.conf.5.xml:125
msgid ""
"Regular expression that describes how to parse the string containing user "
"name and domain into these components."
@@ -352,7 +354,7 @@ msgstr ""
"domeinnaam verwerkt moeten worden."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
+#: sssd.conf.5.xml:129
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -363,7 +365,7 @@ msgstr ""
"het domein alles daarna\""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
+#: sssd.conf.5.xml:134
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -371,7 +373,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:141
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -380,12 +382,12 @@ msgstr ""
"(?P&lt;name&gt;) om subpatronen aan te geven."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
+#: sssd.conf.5.xml:148
msgid "full_name_format (string)"
msgstr "full_name_format (tekst)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
+#: sssd.conf.5.xml:151
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to translate "
@@ -396,17 +398,17 @@ msgstr ""
"(met name, domain) vertaald wordt in een full qualified name."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
+#: sssd.conf.5.xml:159
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Standaard: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
+#: sssd.conf.5.xml:164
msgid "try_inotify (boolean)"
msgstr "try_inotify (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
+#: sssd.conf.5.xml:167
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -419,7 +421,7 @@ msgstr ""
"kijken of resolv.conf gewijzigd is als er geen inotify beschikbaar is."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
+#: sssd.conf.5.xml:175
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -430,7 +432,7 @@ msgstr ""
"gezet worden"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
+#: sssd.conf.5.xml:181
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -439,7 +441,7 @@ msgstr ""
"systemen."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:185
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -449,12 +451,12 @@ msgstr ""
"conf."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
+#: sssd.conf.5.xml:192
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
+#: sssd.conf.5.xml:195
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -463,19 +465,42 @@ msgstr ""
"opslaan."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
+#: sssd.conf.5.xml:199
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
+#: sssd.conf.5.xml:205
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:212
+#, fuzzy
+#| msgid "enum_cache_timeout (integer)"
+msgid "force_timeout (integer)"
+msgstr "enum_cache_timeout (numeriek)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:215
+msgid ""
+"If a service is not responding to ping checks (see the <quote>timeout</"
+"quote> option), it is first sent the SIGTERM signal that instructs it to "
+"quit gracefully. If the service does not terminate after "
+"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
+"by sending a SIGKILL signal."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:542 sssd.conf.5.xml:690
+#: sssd-ldap.5.xml:1034
+msgid "Default: 60"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:63
msgid ""
@@ -488,12 +513,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
+#: sssd.conf.5.xml:234
msgid "SERVICES SECTIONS"
msgstr "SERVICES SECTIE"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
+#: sssd.conf.5.xml:236
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -502,100 +527,100 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
+#: sssd.conf.5.xml:243
msgid "General service configuration options"
msgstr "Algemene service configuratie-opties"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
+#: sssd.conf.5.xml:245
msgid "These options can be used to configure any service."
msgstr "Deze opties kunnen gebruikt worden om services te configureren."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
+#: sssd.conf.5.xml:249
msgid "debug_level (integer)"
msgstr "debug_level (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
+#: sssd.conf.5.xml:253
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
+#: sssd.conf.5.xml:256
msgid "Add a timestamp to the debug messages"
msgstr "Voeg een tijdstempel toe aan de debugberichten"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:408 sssd.conf.5.xml:793
+#: sssd-ldap.5.xml:1399 sssd-ldap.5.xml:1525 sssd-ipa.5.xml:225
+#: sssd-ipa.5.xml:260
msgid "Default: true"
msgstr "Standaard: true"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
+#: sssd.conf.5.xml:264
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
+#: sssd.conf.5.xml:267
msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:270 sssd.conf.5.xml:740 sssd.conf.5.xml:1368
+#: sssd-ldap.5.xml:620 sssd-ldap.5.xml:1312 sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1468 sssd-ldap.5.xml:1874 sssd-ipa.5.xml:123
+#: sssd-ipa.5.xml:320 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
+#: sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "fd_limit"
+#: sssd.conf.5.xml:275
+msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:278
msgid ""
-"This option specifies the maximum number of file descriptors that may be "
-"opened at one time by this SSSD process. On systems where SSSD is granted "
-"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
-"systems without this capability, the resulting value will be the lower value "
-"of this or the limits.conf \"hard\" limit."
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:282
-msgid "Default: 8192 (or limits.conf \"hard\" limit)"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:283 sssd-ldap.5.xml:1183
+msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:287
-msgid "command (string)"
-msgstr "command (tekst)"
+#: sssd.conf.5.xml:301
+msgid "fd_limit"
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:290
+#: sssd.conf.5.xml:304
msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>. This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr "Standaard: <command>sssd_${service_name}</command>"
+#: sssd.conf.5.xml:313
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:306
+#: sssd.conf.5.xml:321
msgid "NSS configuration options"
msgstr "NSS configuratie-opties"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:323
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -603,12 +628,12 @@ msgstr ""
"configurere."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:313
+#: sssd.conf.5.xml:328
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316
+#: sssd.conf.5.xml:331
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -617,17 +642,17 @@ msgstr ""
"over alle gebruikers)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:335
msgid "Default: 120"
msgstr "Standaard: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:325
+#: sssd.conf.5.xml:340
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:328
+#: sssd.conf.5.xml:343
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -635,7 +660,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:349
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -645,7 +670,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:359
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -654,17 +679,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:352
+#: sssd.conf.5.xml:367
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:372
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (numeriek)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:375
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -672,17 +697,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:381 sssd.conf.5.xml:768 sssd-krb5.5.xml:223
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:371
+#: sssd.conf.5.xml:386
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:374
+#: sssd.conf.5.xml:389
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -691,78 +716,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:396
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:401
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:389
+#: sssd.conf.5.xml:404
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398
+#: sssd.conf.5.xml:413
msgid "override_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:422 sssd-krb5.5.xml:166
msgid "%u"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:167
msgid "login name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:426 sssd-krb5.5.xml:170
msgid "%U"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:412
+#: sssd.conf.5.xml:427
msgid "UID number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:430 sssd-krb5.5.xml:188
msgid "%d"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:416
+#: sssd.conf.5.xml:431
msgid "domain name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:419
+#: sssd.conf.5.xml:434
msgid "%f"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:435
msgid "fully qualified user name (user@domain)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:438 sssd-krb5.5.xml:200
msgid "%%"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:439 sssd-krb5.5.xml:201
msgid "a literal '%'"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:401
+#: sssd.conf.5.xml:416
msgid ""
"Override the user's home directory. You can either provide an absolute value "
"or a template. In the template, the following sequences are substituted: "
@@ -770,138 +795,196 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430
+#: sssd.conf.5.xml:445
msgid "This option can also be set per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:450
+#, fuzzy
+#| msgid "full_name_format (string)"
+msgid "fallback_homedir (string)"
+msgstr "full_name_format (tekst)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:453
+msgid ""
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:458
+msgid ""
+"The available values for this option are the same as for override_homedir."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:462
+msgid "Default: not set (no substitution for unset home directories)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:468
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:471
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:474
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:478
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:483
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:455
+#: sssd.conf.5.xml:488
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:491
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:462
+#: sssd.conf.5.xml:495
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:500
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:503
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:475
+#: sssd.conf.5.xml:508
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:511
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:515
msgid "Default: /bin/sh"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:520
+msgid "default_shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:523
+msgid ""
+"The default shell to use if the provider does not return one during lookup. "
+"This option supercedes any other shell options if it takes effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:528
+msgid ""
+"Default: not set (Return NULL if no shell is specified and rely on libc to "
+"substitute something sensible when necessary, usually /bin/sh)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:535 sssd.conf.5.xml:683
+#, fuzzy
+#| msgid "entry_negative_timeout (integer)"
+msgid "get_domains_timeout (int)"
+msgstr "entry_negative_timeout (numeriek)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:538 sssd.conf.5.xml:686
+msgid ""
+"Specifies time in seconds for which the list of subdomains will be "
+"considered valid."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:489
+#: sssd.conf.5.xml:549
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:491
+#: sssd.conf.5.xml:551
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:556
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:499
+#: sssd.conf.5.xml:559
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
+#: sssd.conf.5.xml:564 sssd.conf.5.xml:577
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:570
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:513
+#: sssd.conf.5.xml:573
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:523
+#: sssd.conf.5.xml:583
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:586
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:591
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -909,59 +992,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:597 sssd.conf.5.xml:650 sssd.conf.5.xml:1315
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:603
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:606
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:611
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:554
+#: sssd.conf.5.xml:614
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:557
+#: sssd.conf.5.xml:617
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:621
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:624
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:568 sssd.8.xml:63
+#: sssd.conf.5.xml:628 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:573
+#: sssd.conf.5.xml:633
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:636
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -969,7 +1052,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:642
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -978,45 +1061,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:656
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:659 sssd.conf.5.xml:972
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:662
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
"cannot display a warning."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:668 sssd.conf.5.xml:975
+msgid ""
+"If zero is set, then this filter is not applied, i.e. if the expiration "
+"warning was received from backend server, it will automatically be displayed."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:608
-msgid "Default: 7"
+#: sssd.conf.5.xml:673
+msgid ""
+"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
+"emphasis> for a particular domain."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:678 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Standaard: 0"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:616
+#: sssd.conf.5.xml:698
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:618
+#: sssd.conf.5.xml:700
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:707
msgid "sudo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:710
msgid ""
"For any sudo request that comes while SSSD is online, the SSSD will attempt "
"to update the cached rules in order to ensure that sudo has the latest "
@@ -1024,7 +1121,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:716
msgid ""
"The user may, however, run a couple of sudo commands successively, which "
"would trigger multiple LDAP requests. In order to speed up this use-case, "
@@ -1033,71 +1130,97 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:641
+#: sssd.conf.5.xml:723
msgid ""
"This option controls how long (in seconds) can the sudo service cache rules "
"for a user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:727
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:732
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:735
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:748
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:750
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:676
+#: sssd.conf.5.xml:758
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:761
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
"before asking the back end again."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:776
+#, fuzzy
+#| msgid "NSS configuration options"
+msgid "SSH configuration options"
+msgstr "NSS configuratie-opties"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:778
+#, fuzzy
+#| msgid "These options can be used to configure any service."
+msgid "These options can be used to configure the SSH service."
+msgstr "Deze opties kunnen gebruikt worden om services te configureren."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:786
+msgid "ssh_hash_known_hosts (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:789
+msgid ""
+"Whether or not to hash host names and adresses in the managed known_hosts "
+"file."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:803
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:810
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:706
+#: sssd.conf.5.xml:813
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:711
+#: sssd.conf.5.xml:818
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1106,56 +1229,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:825
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
-msgid ""
-"Timeout in seconds between heartbeats for this domain. This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:738
+#: sssd.conf.5.xml:831
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:834
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:745
+#: sssd.conf.5.xml:838
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:841
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
+#: sssd.conf.5.xml:844 sssd.conf.5.xml:949 sssd.conf.5.xml:1031
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:754
+#: sssd.conf.5.xml:847
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1165,14 +1271,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:764
+#: sssd.conf.5.xml:857
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:862
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1181,98 +1287,98 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:873
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:876
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:880
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:886
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796
+#: sssd.conf.5.xml:889
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:893 sssd.conf.5.xml:906 sssd.conf.5.xml:919
+#: sssd.conf.5.xml:932
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:899
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:902
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:819
+#: sssd.conf.5.xml:912
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:915
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:925
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:928
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:938
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:941
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:945
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:861
+#: sssd.conf.5.xml:954
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:957
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1281,47 +1387,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:964
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:969
+msgid "pwd_expiration_warning (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:980
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning. Also an auth provider has to be configured for the "
+"backend."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:987
+msgid "Default: 7 (Kerberos), 0 (LDAP)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:993
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:880
+#: sssd.conf.5.xml:996
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:1000
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:887
+#: sssd.conf.5.xml:1003
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:890
+#: sssd.conf.5.xml:1006
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:1009
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:899
+#: sssd.conf.5.xml:1015
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:1018
+msgid ""
+"Use the full name and domain (as formatted by the domain's full_name_format) "
+"as the user's login name reported to NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1023
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1330,19 +1462,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:915
+#: sssd.conf.5.xml:1036
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:918
+#: sssd.conf.5.xml:1039
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:1043
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1350,7 +1482,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:929
+#: sssd.conf.5.xml:1050
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1358,30 +1490,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:1057
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1060
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1063
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:1069
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:951
+#: sssd.conf.5.xml:1072
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1389,17 +1521,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
-msgid "<quote>permit</quote> always allow access."
+#: sssd.conf.5.xml:1078
+msgid ""
+"<quote>permit</quote> always allow access. It's the only permitted access "
+"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:960
+#: sssd.conf.5.xml:1081
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1084
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1408,24 +1542,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1091
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1096
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:978
+#: sssd.conf.5.xml:1099
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1104
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1433,7 +1567,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:991
+#: sssd.conf.5.xml:1112
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1441,7 +1575,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1120
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1449,35 +1583,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1007
+#: sssd.conf.5.xml:1128
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1011
+#: sssd.conf.5.xml:1132
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1135
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1142
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1148
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1031
+#: sssd.conf.5.xml:1152
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1485,29 +1619,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1159
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1041
+#: sssd.conf.5.xml:1162 sssd.conf.5.xml:1246 sssd.conf.5.xml:1271
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1047
+#: sssd.conf.5.xml:1168
msgid "session_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1171
msgid ""
"The provider which should handle loading of session settings. Supported "
"session providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1055
+#: sssd.conf.5.xml:1176
msgid ""
"<quote>ipa</quote> to load session settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1515,66 +1649,153 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1184
msgid "<quote>none</quote> disallows fetching session settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1187
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"session loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1193
+msgid "subdomains_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1196
+msgid ""
+"The provider which should handle fetching of subdomains. This value should "
+"be always the same as id_provider. Supported subdomain providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1201
+msgid ""
+"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1209
+msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1212 sssd-ldap.5.xml:1499
+msgid "Default: none"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1218
+msgid "autofs_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1224
+msgid ""
+"The autofs provider used for the domain. Supported autofs providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1228
+msgid ""
+"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1235
+msgid ""
+"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1243
+msgid "<quote>none</quote> disables autofs explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1253
+msgid "hostid_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1256
+msgid ""
+"The provider used for retrieving host identity information. Supported "
+"hostid providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1260
+msgid ""
+"<quote>ipa</quote> to load host identity stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1268
+msgid "<quote>none</quote> disables hostid explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1278
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1076
+#: sssd.conf.5.xml:1281
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1285
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1083
+#: sssd.conf.5.xml:1288
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1291
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1294
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1092
+#: sssd.conf.5.xml:1297
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1095
+#: sssd.conf.5.xml:1300
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1306
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1104
+#: sssd.conf.5.xml:1309
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1582,51 +1803,83 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1321
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1324
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1328
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1334
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1337
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1138
+#: sssd.conf.5.xml:1343
msgid "case_sensitive (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1346
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1351
msgid "Default: True"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1357
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1360
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1374
+msgid "subdomain_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1377
+msgid ""
+"Use this homedir as default value for all subdomains within this domain. See "
+"<emphasis>override_homedir</emphasis> for info about possible values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1382
+msgid ""
+"The value can be overridden by <emphasis>override_homedir</emphasis> option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:805
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1634,29 +1887,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1395
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1398
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1401
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1409
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1412
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1664,19 +1917,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1154
+#: sssd.conf.5.xml:1391
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1187
+#: sssd.conf.5.xml:1424
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1426
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1684,73 +1937,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1433
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1436
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1440
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1445
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211
+#: sssd.conf.5.xml:1448
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1453
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1221
+#: sssd.conf.5.xml:1458
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1224
+#: sssd.conf.5.xml:1461
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
+#: sssd.conf.5.xml:1465 sssd.conf.5.xml:1477
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1470
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1473
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1245
+#: sssd.conf.5.xml:1482
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1248
+#: sssd.conf.5.xml:1485
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1758,17 +2011,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1256
+#: sssd.conf.5.xml:1493
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1498
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1501
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1777,17 +2030,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1274
+#: sssd.conf.5.xml:1511
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1516
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1519
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1795,17 +2048,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1289
+#: sssd.conf.5.xml:1526
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1531
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1297
+#: sssd.conf.5.xml:1534
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1813,18 +2066,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1540
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1550 sssd-ldap.5.xml:2145 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:563 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1319
+#: sssd.conf.5.xml:1556
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1854,7 +2107,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1552
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1863,7 +2116,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1587
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -2062,216 +2315,236 @@ msgstr ""
msgid ""
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
-"may vary. The way that some attributes are handled may also differ. Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
+"may vary. The way that some attributes are handled may also differ. Four "
+"schema types are currently supported: rfc2307 rfc2307bis IPA AD The main "
"difference between these schema types is how group memberships are recorded "
"in the server. With rfc2307, group members are listed by name in the "
"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
+"attribute. The AD schema type sets the attributes to correspond with Active "
+"Directory 2008r2 values."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
+#: sssd-ldap.5.xml:183
msgid "Default: rfc2307"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
+#: sssd-ldap.5.xml:189
msgid "ldap_default_bind_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
+#: sssd-ldap.5.xml:192
msgid "The default bind DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
+#: sssd-ldap.5.xml:199
msgid "ldap_default_authtok_type (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
+#: sssd-ldap.5.xml:202
msgid "The type of the authentication token of the default bind DN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
+#: sssd-ldap.5.xml:206
msgid "The two mechanisms currently supported are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
+#: sssd-ldap.5.xml:209
msgid "password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
+#: sssd-ldap.5.xml:212
msgid "obfuscated_password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
+#: sssd-ldap.5.xml:215
msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
+#: sssd-ldap.5.xml:221
msgid "ldap_default_authtok (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
+#: sssd-ldap.5.xml:224
msgid ""
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
+#: sssd-ldap.5.xml:231
msgid "ldap_user_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
+#: sssd-ldap.5.xml:234
msgid "The object class of a user entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
+#: sssd-ldap.5.xml:237
msgid "Default: posixAccount"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
+#: sssd-ldap.5.xml:243
msgid "ldap_user_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
+#: sssd-ldap.5.xml:246
msgid "The LDAP attribute that corresponds to the user's login name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
+#: sssd-ldap.5.xml:250
msgid "Default: uid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
+#: sssd-ldap.5.xml:256
msgid "ldap_user_uid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
+#: sssd-ldap.5.xml:259
msgid "The LDAP attribute that corresponds to the user's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
+#: sssd-ldap.5.xml:263
msgid "Default: uidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
+#: sssd-ldap.5.xml:269
msgid "ldap_user_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
+#: sssd-ldap.5.xml:272
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
+#: sssd-ldap.5.xml:276 sssd-ldap.5.xml:758
msgid "Default: gidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
+#: sssd-ldap.5.xml:282
msgid "ldap_user_gecos (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
+#: sssd-ldap.5.xml:285
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
+#: sssd-ldap.5.xml:289
msgid "Default: gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
+#: sssd-ldap.5.xml:295
msgid "ldap_user_home_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
+#: sssd-ldap.5.xml:298
msgid "The LDAP attribute that contains the name of the user's home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
+#: sssd-ldap.5.xml:302
msgid "Default: homeDirectory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
+#: sssd-ldap.5.xml:308
msgid "ldap_user_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
+#: sssd-ldap.5.xml:311
msgid "The LDAP attribute that contains the path to the user's default shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
+#: sssd-ldap.5.xml:315
msgid "Default: loginShell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
+#: sssd-ldap.5.xml:321
msgid "ldap_user_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
+#: sssd-ldap.5.xml:324
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
+#: sssd-ldap.5.xml:328 sssd-ldap.5.xml:784 sssd-ldap.5.xml:911
msgid "Default: nsUniqueId"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
+#: sssd-ldap.5.xml:334
+#, fuzzy
+#| msgid "re_expression (string)"
+msgid "ldap_user_objectsid (string)"
+msgstr "re_expression (tekst)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:337
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP user object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:342 sssd-ldap.5.xml:798
+msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:349
msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
+#: sssd-ldap.5.xml:352 sssd-ldap.5.xml:808 sssd-ldap.5.xml:920
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
+#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:812 sssd-ldap.5.xml:927
msgid "Default: modifyTimestamp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
+#: sssd-ldap.5.xml:362
msgid "ldap_user_shadow_last_change (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
+#: sssd-ldap.5.xml:365
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2280,17 +2553,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
+#: sssd-ldap.5.xml:375
msgid "Default: shadowLastChange"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
+#: sssd-ldap.5.xml:381
msgid "ldap_user_shadow_min (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
+#: sssd-ldap.5.xml:384
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2299,17 +2572,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
+#: sssd-ldap.5.xml:393
msgid "Default: shadowMin"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
+#: sssd-ldap.5.xml:399
msgid "ldap_user_shadow_max (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
+#: sssd-ldap.5.xml:402
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2318,17 +2591,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
+#: sssd-ldap.5.xml:411
msgid "Default: shadowMax"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
+#: sssd-ldap.5.xml:417
msgid "ldap_user_shadow_warning (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
+#: sssd-ldap.5.xml:420
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2337,17 +2610,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
+#: sssd-ldap.5.xml:430
msgid "Default: shadowWarning"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
+#: sssd-ldap.5.xml:436
msgid "ldap_user_shadow_inactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
+#: sssd-ldap.5.xml:439
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2356,17 +2629,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
+#: sssd-ldap.5.xml:449
msgid "Default: shadowInactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
+#: sssd-ldap.5.xml:455
msgid "ldap_user_shadow_expire (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
+#: sssd-ldap.5.xml:458
msgid ""
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
"parameter contains the name of an LDAP attribute corresponding to its "
@@ -2375,17 +2648,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
+#: sssd-ldap.5.xml:468
msgid "Default: shadowExpire"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
+#: sssd-ldap.5.xml:474
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
+#: sssd-ldap.5.xml:477
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
@@ -2393,158 +2666,158 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
+#: sssd-ldap.5.xml:483
msgid "Default: krbLastPwdChange"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
+#: sssd-ldap.5.xml:489
msgid "ldap_user_krb_password_expiration (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
+#: sssd-ldap.5.xml:492
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
+#: sssd-ldap.5.xml:498
msgid "Default: krbPasswordExpiration"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
+#: sssd-ldap.5.xml:504
msgid "ldap_user_ad_account_expires (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
+#: sssd-ldap.5.xml:507
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
+#: sssd-ldap.5.xml:512
msgid "Default: accountExpires"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
+#: sssd-ldap.5.xml:518
msgid "ldap_user_ad_user_account_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
+#: sssd-ldap.5.xml:521
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
+#: sssd-ldap.5.xml:526
msgid "Default: userAccountControl"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
+#: sssd-ldap.5.xml:532
msgid "ldap_ns_account_lock (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
+#: sssd-ldap.5.xml:535
msgid ""
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
+#: sssd-ldap.5.xml:540
msgid "Default: nsAccountLock"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
+#: sssd-ldap.5.xml:546
msgid "ldap_user_nds_login_disabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
+#: sssd-ldap.5.xml:549
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines if "
"access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
+#: sssd-ldap.5.xml:553 sssd-ldap.5.xml:567
msgid "Default: loginDisabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
+#: sssd-ldap.5.xml:559
msgid "ldap_user_nds_login_expiration_time (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
+#: sssd-ldap.5.xml:562
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines until "
"which date access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
+#: sssd-ldap.5.xml:573
msgid "ldap_user_nds_login_allowed_time_map (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
+#: sssd-ldap.5.xml:576
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines the "
"hours of a day in a week when access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
+#: sssd-ldap.5.xml:581
msgid "Default: loginAllowedTimeMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
+#: sssd-ldap.5.xml:587
msgid "ldap_user_principal (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
+#: sssd-ldap.5.xml:590
msgid ""
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"(UPN)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
+#: sssd-ldap.5.xml:594
msgid "Default: krbPrincipalName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
+#: sssd-ldap.5.xml:600
msgid "ldap_user_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
+#: sssd-ldap.5.xml:603
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
+#: sssd-ldap.5.xml:610
msgid "ldap_force_upper_case_realm (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
+#: sssd-ldap.5.xml:613
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -2553,29 +2826,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
+#: sssd-ldap.5.xml:626
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
+#: sssd-ldap.5.xml:629
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:634 sssd-ldap.5.xml:1887
msgid "Default: 300"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
+#: sssd-ldap.5.xml:640
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
+#: sssd-ldap.5.xml:643
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -2583,54 +2856,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
+#: sssd-ldap.5.xml:649
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
+#: sssd-ldap.5.xml:653
msgid "Default: 10800 (12 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
+#: sssd-ldap.5.xml:659
msgid "ldap_user_fullname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
+#: sssd-ldap.5.xml:662
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
+#: sssd-ldap.5.xml:666 sssd-ldap.5.xml:745 sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:952 sssd-ldap.5.xml:1742 sssd-ldap.5.xml:1960
+#: sssd-ipa.5.xml:441
msgid "Default: cn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
+#: sssd-ldap.5.xml:672
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
+#: sssd-ldap.5.xml:675
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
+#: sssd-ldap.5.xml:679 sssd-ipa.5.xml:345
msgid "Default: memberOf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
+#: sssd-ldap.5.xml:685
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
+#: sssd-ldap.5.xml:688
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -2638,24 +2911,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
+#: sssd-ldap.5.xml:695
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:700
msgid "Default: authorizedService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
+#: sssd-ldap.5.xml:706
msgid "ldap_user_authorized_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
+#: sssd-ldap.5.xml:709
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -2663,89 +2936,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
+#: sssd-ldap.5.xml:715
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
+#: sssd-ldap.5.xml:720
msgid "Default: host"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:726
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
+#: sssd-ldap.5.xml:729
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
+#: sssd-ldap.5.xml:732
msgid "Default: posixGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:738
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
+#: sssd-ldap.5.xml:741
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:751
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:754
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
+#: sssd-ldap.5.xml:764
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
+#: sssd-ldap.5.xml:767
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
+#: sssd-ldap.5.xml:771
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
+#: sssd-ldap.5.xml:777
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:780
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:790
+msgid "ldap_group_objectsid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:793
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP group object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:805
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:818
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:821
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -2753,198 +3038,198 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
+#: sssd-ldap.5.xml:828
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:834
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
+#: sssd-ldap.5.xml:837
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
+#: sssd-ldap.5.xml:840
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:844
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
+#: sssd-ldap.5.xml:850
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
+#: sssd-ldap.5.xml:853
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:857
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
+#: sssd-ldap.5.xml:867
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
+#: sssd-ldap.5.xml:870
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
+#: sssd-ldap.5.xml:874
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:878
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:884
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:887
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
+#: sssd-ldap.5.xml:891 sssd-ldap.5.xml:924
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:894
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
+#: sssd-ldap.5.xml:900
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
+#: sssd-ldap.5.xml:903
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
+#: sssd-ldap.5.xml:907
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
+#: sssd-ldap.5.xml:917
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:933
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:936
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:939
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:945
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:948
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
+#: sssd-ldap.5.xml:958
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
+#: sssd-ldap.5.xml:961
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
+#: sssd-ldap.5.xml:965
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
+#: sssd-ldap.5.xml:971
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:974
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
+#: sssd-ldap.5.xml:978
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
+#: sssd-ldap.5.xml:984
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:987
msgid "An optional base DN to restrict service searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
+#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1997 sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2035 sssd-ldap.5.xml:2098 sssd-ldap.5.xml:2120
+#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 sssd-ipa.5.xml:206
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
+#: sssd-ldap.5.xml:996 sssd-ldap.5.xml:2002 sssd-ldap.5.xml:2021
+#: sssd-ldap.5.xml:2040 sssd-ldap.5.xml:2103 sssd-ldap.5.xml:2125
#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
+#: sssd-ldap.5.xml:1003
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1006
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2952,7 +3237,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
+#: sssd-ldap.5.xml:1012
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2960,35 +3245,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
+#: sssd-ldap.5.xml:1018 sssd-ldap.5.xml:1060 sssd-ldap.5.xml:1075
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1024
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1027
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
"are returned (and offline mode is entered)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1040
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1043
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2999,12 +3279,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
+#: sssd-ldap.5.xml:1066
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
+#: sssd-ldap.5.xml:1069
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3012,12 +3292,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1081
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1084
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -3026,34 +3306,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
+#: sssd-ldap.5.xml:1092
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1098
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
+#: sssd-ldap.5.xml:1101
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1106
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
+#: sssd-ldap.5.xml:1112
+msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1115
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -3061,27 +3341,50 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
+#: sssd-ldap.5.xml:1121
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1127
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
"requests being denied."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133 include/ldap_id_mapping.xml:184
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1139
+msgid "ldap_sasl_minssf (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1142
+msgid ""
+"When communicating with an LDAP server using SASL, specify the minimum "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1148
+msgid "Default: Use the system default (usually specified by ldap.conf)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1155
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1158
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3089,13 +3392,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1164
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1168
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3104,7 +3407,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
+#: sssd-ldap.5.xml:1176
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3112,26 +3415,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1189
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
+#: sssd-ldap.5.xml:1192
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1198
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
+#: sssd-ldap.5.xml:1202
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3139,7 +3442,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1209
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3147,7 +3450,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1215
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3155,41 +3458,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1221
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1225
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
+#: sssd-ldap.5.xml:1231
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
+#: sssd-ldap.5.xml:1234
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
+#: sssd-ldap.5.xml:1239 sssd-ldap.5.xml:1257 sssd-ldap.5.xml:1298
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1246
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1249
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3198,38 +3501,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1264
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1267
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1271 sssd-ldap.5.xml:1283 sssd-ldap.5.xml:1344
+#: sssd-ldap.5.xml:2058 sssd-ldap.5.xml:2085 sssd-krb5.5.xml:359
+#: include/ldap_id_mapping.xml:145 include/ldap_id_mapping.xml:156
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1277
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1280
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
+#: sssd-ldap.5.xml:1289
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
+#: sssd-ldap.5.xml:1292
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3237,90 +3541,103 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1305
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1308
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
+#: sssd-ldap.5.xml:1318
+msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1321
msgid ""
-"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
-"supported."
+"Specifies that SSSD should attempt to map user and group IDs from the "
+"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
+"on ldap_user_uid_number and ldap_group_gid_number."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
+#: sssd-ldap.5.xml:1327
+msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1337
+msgid "ldap_sasl_mech (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1340
+msgid ""
+"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
+"supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1350
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
+#: sssd-ldap.5.xml:1353
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
+#: sssd-ldap.5.xml:1358
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1364
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
+#: sssd-ldap.5.xml:1367
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
+#: sssd-ldap.5.xml:1372
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1378
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
+#: sssd-ldap.5.xml:1381
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1384
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
+#: sssd-ldap.5.xml:1390
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
+#: sssd-ldap.5.xml:1393
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3328,27 +3645,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1405
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1408
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
+#: sssd-ldap.5.xml:1412
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1418 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1421 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -3360,7 +3677,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1433 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -3368,7 +3685,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1438 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -3376,53 +3693,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1447 sssd-ipa.5.xml:235 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1450
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
+#: sssd-ldap.5.xml:1453
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1459 sssd-ipa.5.xml:250 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1462
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
+#: sssd-ldap.5.xml:1474
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
+#: sssd-ldap.5.xml:1477
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1482
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
+#: sssd-ldap.5.xml:1487
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -3430,7 +3747,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
+#: sssd-ldap.5.xml:1493
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -3438,76 +3755,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1505
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1508
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
+#: sssd-ldap.5.xml:1512
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1517
+msgid ""
+"Chasing referrals may incur a performance penalty in environments that use "
+"them heavily, a notable example is Microsoft Active Directory. If your setup "
+"does not in fact require the use of referrals, setting this option to false "
+"might bring a noticeable performance improvement."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1531
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1534
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1538
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1544
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
+#: sssd-ldap.5.xml:1547
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1552
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
+#: sssd-ldap.5.xml:1558
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1561
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
+"it will result in all users being denied access. Use access_provider = "
+"permit to change this default behavior."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:1571 sssd-ldap.5.xml:2061
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
+#: sssd-ldap.5.xml:1574
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3516,14 +3842,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1578
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
+#: sssd-ldap.5.xml:1583
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3532,24 +3858,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1591 sssd-ldap.5.xml:1641
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1597
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1600
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1604
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3557,19 +3883,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1611
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1614
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1619
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3578,7 +3904,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1626
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3586,7 +3912,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
+#: sssd-ldap.5.xml:1632
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3595,89 +3921,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
+#: sssd-ldap.5.xml:1647
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
+#: sssd-ldap.5.xml:1650
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1654
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1657
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1661
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
+#: sssd-ldap.5.xml:1666
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1670
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1673
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1680
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
+#: sssd-ldap.5.xml:1683
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1688
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1692
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1697
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1702
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1707
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3694,212 +4020,212 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1718
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1723
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
+#: sssd-ldap.5.xml:1726
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1729
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1735
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1738
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1748
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1751
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
+#: sssd-ldap.5.xml:1755
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
+#: sssd-ldap.5.xml:1761
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
+#: sssd-ldap.5.xml:1764
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
+#: sssd-ldap.5.xml:1769
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1775
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
+#: sssd-ldap.5.xml:1778
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
+#: sssd-ldap.5.xml:1782
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1788
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
+#: sssd-ldap.5.xml:1791
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
+#: sssd-ldap.5.xml:1795
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
+#: sssd-ldap.5.xml:1801
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1804
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
+#: sssd-ldap.5.xml:1808
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
+#: sssd-ldap.5.xml:1814
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
+#: sssd-ldap.5.xml:1817
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
+#: sssd-ldap.5.xml:1821
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
+#: sssd-ldap.5.xml:1827
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
+#: sssd-ldap.5.xml:1830
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1834
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
+#: sssd-ldap.5.xml:1840
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
+#: sssd-ldap.5.xml:1843
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1848
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1854
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1857
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
+#: sssd-ldap.5.xml:1861
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1867
msgid "ldap_sudo_refresh_enabled (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1870
msgid ""
"Enables periodical download of all sudo rules. The cache is purged before "
"each update."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1880
msgid "ldap_sudo_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
+#: sssd-ldap.5.xml:1883
msgid ""
"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1721
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1894
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -3908,76 +4234,76 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1904
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
+#: sssd-ldap.5.xml:1906
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1913
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1916 sssd-ldap.5.xml:1942
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1919 sssd-ldap.5.xml:1946
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
+#: sssd-ldap.5.xml:1926
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
+#: sssd-ldap.5.xml:1929
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
+#: sssd-ldap.5.xml:1932
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1939
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1953
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
+#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:1970
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1967
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1974
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1911
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -3986,62 +4312,62 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
+#: sssd-ldap.5.xml:1983
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
+#: sssd-ldap.5.xml:1990
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
+#: sssd-ldap.5.xml:1993
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:2009
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
+#: sssd-ldap.5.xml:2012
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
+#: sssd-ldap.5.xml:2028
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:2031
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:2047
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
+#: sssd-ldap.5.xml:2050
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
+#: sssd-ldap.5.xml:2054
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2064
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -4049,55 +4375,55 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
+#: sssd-ldap.5.xml:2067
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2074
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
+#: sssd-ldap.5.xml:2077
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2081
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2091
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2094
msgid ""
"An optional base DN to restrict sudo rules searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
+#: sssd-ldap.5.xml:2113
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
+#: sssd-ldap.5.xml:2116
msgid ""
"An optional base DN to restrict automounter searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1985
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4105,7 +4431,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2147
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4113,7 +4439,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
+#: sssd-ldap.5.xml:2153
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4126,19 +4452,19 @@ msgid ""
" enumerate = true\n"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
+#. type: Content of: <refsect1><refsect2><para>
+#: sssd-ldap.5.xml:2152 sssd-simple.5.xml:134 sssd-ipa.5.xml:571
+#: sssd-krb5.5.xml:441 include/ldap_id_mapping.xml:63
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:2166 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
+#: sssd-ldap.5.xml:2168
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4147,7 +4473,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
+#: sssd-ldap.5.xml:2179
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -4669,40 +4995,55 @@ msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:199
+msgid "ipa_subdomains_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:202
+msgid "Optional. Use the given string as search base for trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:218 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:221 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
+#: sssd-ipa.5.xml:228
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
+#: sssd-ipa.5.xml:238
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:242
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
+#: sssd-ipa.5.xml:253
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -4710,12 +5051,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
+#: sssd-ipa.5.xml:266
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
+#: sssd-ipa.5.xml:269
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -4723,17 +5064,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
+#: sssd-ipa.5.xml:276
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
+#: sssd-ipa.5.xml:281
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
+#: sssd-ipa.5.xml:284
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -4742,313 +5083,313 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
+#: sssd-ipa.5.xml:293
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
+#: sssd-ipa.5.xml:298
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
+#: sssd-ipa.5.xml:303
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
+#: sssd-ipa.5.xml:308
msgid "ipa_hbac_support_srchost (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:311
msgid ""
"If this is set to false, then srchost as given to SSSD by PAM will be "
"ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
+#: sssd-ipa.5.xml:315
msgid ""
"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
+#: sssd-ipa.5.xml:326
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
+#: sssd-ipa.5.xml:329
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
+#: sssd-ipa.5.xml:332
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:338
msgid "ipa_netgroup_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
+#: sssd-ipa.5.xml:341
msgid "The LDAP attribute that lists netgroup's memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
+#: sssd-ipa.5.xml:350
msgid "ipa_netgroup_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
+#: sssd-ipa.5.xml:353
msgid ""
"The LDAP attribute that lists system users and groups that are direct "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:358 sssd-ipa.5.xml:453
msgid "Default: memberUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
+#: sssd-ipa.5.xml:363
msgid "ipa_netgroup_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:366
msgid ""
"The LDAP attribute that lists hosts and host groups that are direct members "
"of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:370 sssd-ipa.5.xml:465
msgid "Default: memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:375
msgid "ipa_netgroup_member_ext_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
+#: sssd-ipa.5.xml:378
msgid ""
"The LDAP attribute that lists FQDNs of hosts and host groups that are "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
+#: sssd-ipa.5.xml:382
msgid "Default: externalHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
+#: sssd-ipa.5.xml:387
msgid "ipa_netgroup_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:390
msgid "The LDAP attribute that contains NIS domain name of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
+#: sssd-ipa.5.xml:394
msgid "Default: nisDomainName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
+#: sssd-ipa.5.xml:400
msgid "ipa_host_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
+#: sssd-ipa.5.xml:403 sssd-ipa.5.xml:426
msgid "The object class of a host entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
+#: sssd-ipa.5.xml:406 sssd-ipa.5.xml:429
msgid "Default: ipaHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:411
msgid "ipa_host_fqdn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
+#: sssd-ipa.5.xml:414
msgid "The LDAP attribute that contains FQDN of the host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
+#: sssd-ipa.5.xml:417
msgid "Default: fqdn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
+#: sssd-ipa.5.xml:423
msgid "ipa_selinux_usermap_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
+#: sssd-ipa.5.xml:434
msgid "ipa_selinux_usermap_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:437
msgid "The LDAP attribute that contains the name of SELinux usermap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:446
msgid "ipa_selinux_usermap_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
+#: sssd-ipa.5.xml:449
msgid ""
"The LDAP attribute that contains all users / groups this rule match against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
+#: sssd-ipa.5.xml:458
msgid "ipa_selinux_usermap_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
+#: sssd-ipa.5.xml:461
msgid ""
"The LDAP attribute that contains all hosts / hostgroups this rule match "
"against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:470
msgid "ipa_selinux_usermap_see_also (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:473
msgid ""
"The LDAP attribute that contains DN of HBAC rule which can be used for "
"matching instead of memberUser and memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
+#: sssd-ipa.5.xml:478
msgid "Default: seeAlso"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
+#: sssd-ipa.5.xml:483
msgid "ipa_selinux_usermap_selinux_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:486
msgid "The LDAP attribute that contains SELinux user string itself."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:490
msgid "Default: ipaSELinuxUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
+#: sssd-ipa.5.xml:495
msgid "ipa_selinux_usermap_enabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
+#: sssd-ipa.5.xml:498
msgid ""
"The LDAP attribute that contains whether or not is user map enabled for "
"usage."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:502
msgid "Default: ipaEnabledFlag"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
+#: sssd-ipa.5.xml:507
msgid "ipa_selinux_usermap_user_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:510
msgid "The LDAP attribute that contains user category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
+#: sssd-ipa.5.xml:514
msgid "Default: userCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:519
msgid "ipa_selinux_usermap_host_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:522
msgid "The LDAP attribute that contains host category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
+#: sssd-ipa.5.xml:526
msgid "Default: hostCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:531
msgid "ipa_selinux_usermap_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
+#: sssd-ipa.5.xml:534
msgid "The LDAP attribute that contains unique ID of the user map."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
+#: sssd-ipa.5.xml:538
msgid "Default: ipaUniqueID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
+#: sssd-ipa.5.xml:543
msgid "ipa_host_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
+#: sssd-ipa.5.xml:546
msgid "The LDAP attribute that contains the host's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:550
msgid "Default: ipaSshPubKey"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:565
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -5056,7 +5397,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:572
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -5066,7 +5407,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
+#: sssd-ipa.5.xml:583
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -5143,11 +5484,6 @@ msgstr ""
msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Standaard: 0"
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:85
msgid "<option>-f</option>,<option>--debug-to-files</option>"
@@ -5528,7 +5864,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
+#: sss_useradd.8.xml:171
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6002,7 +6338,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
+#: sss_groupadd.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6087,7 +6423,7 @@ msgid "Before actually deleting the user, terminate all his processes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
+#: sss_userdel.8.xml:97
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6126,7 +6462,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
+#: sss_groupdel.8.xml:50
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6179,7 +6515,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
+#: sss_groupshow.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6268,7 +6604,7 @@ msgid "The SELinux user for the user's login."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
+#: sss_usermod.8.xml:142
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6378,13 +6714,85 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:108
+#, fuzzy
+#| msgid ""
+#| "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
+#| "replaceable>"
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-s</option>,<option>--service</option> <replaceable>service</"
"replaceable>"
msgstr ""
+"<option>-r</option>,<option>--remove-group</option> <replaceable>GROEPEN</"
+"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:113
+msgid "Invalidate specific service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:119
+#, fuzzy
+#| msgid ""
+#| "<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
+#| "replaceable>"
+msgid "<option>-S</option>,<option>--services</option>"
+msgstr ""
+"<option>-r</option>,<option>--remove-group</option> <replaceable>GROEPEN</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:123
+msgid ""
+"Invalidate all service records. This option overrides invalidation of "
+"specific service if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:130
+#, fuzzy
+#| msgid ""
+#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
+#| "replaceable>"
+msgid ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
+"replaceable>"
+msgstr ""
+"<option>-a</option>,<option>--append-group</option> <replaceable>GROEPEN</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:135
+msgid "Invalidate specific autofs maps."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:141
+#, fuzzy
+#| msgid ""
+#| "<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
+#| "replaceable>"
+msgid "<option>-A</option>,<option>--autofs-maps</option>"
+msgstr ""
+"<option>-a</option>,<option>--append-group</option> <replaceable>GROEPEN</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:145
+msgid ""
+"Invalidate all autofs maps. This option overrides invalidation of specific "
+"map if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:152
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:157
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -6609,7 +7017,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
msgid "Configuration"
msgstr ""
@@ -6725,6 +7133,237 @@ msgid ""
"offline mode, and then attempts to reconnect every 30 seconds."
msgstr ""
+#. type: Content of: <refsect1><title>
+#: include/ldap_id_mapping.xml:2
+msgid "ID MAPPING"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:4
+msgid ""
+"The ID-mapping feature allows SSSD to act as a client of Active Directory "
+"without requiring administrators to extend user attributes to support POSIX "
+"attributes for user and group identifiers."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:9
+msgid ""
+"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
+"ignored. This is to avoid the possibility of conflicts between automatically-"
+"assigned and manually-assigned values. If you need to use manually-assigned "
+"values, ALL values must be manually-assigned."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:17
+msgid "Mapping Algorithm"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:19
+msgid ""
+"Active Directory provides an objectSID for every user and group object in "
+"the directory. This objectSID can be broken up into components that "
+"represent the Active Directory domain identity and the relative identifier "
+"(RID) of the user or group object."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:25
+msgid ""
+"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
+"into equally-sized component sections - called \"slices\"-. Each slice "
+"represents the space available to an Active Directory domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:31
+msgid ""
+"When a user or group entry for a particular domain is encountered for the "
+"first time, the SSSD allocates one of the available slices for that domain. "
+"In order to make this slice-assignment repeatable on different client "
+"machines, we select the slice based on the following algorithm:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:38
+msgid ""
+"The SID string is passed through the murmurhash3 algorithm to convert it to "
+"a 32-bit hashed value. We then take the modulus of this value with the total "
+"number of available slices to pick the slice."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:44
+msgid ""
+"NOTE: It is possible to encounter collisions in the hash and subsequent "
+"modulus. In these situations, we will select the next available slice, but "
+"it may not be possible to reproduce the same exact set of slices on other "
+"machines (since the order that they are encountered will determine their "
+"slice). In this situation, it is recommended to either switch to using "
+"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
+"configure a default domain to guarantee that at least one is always "
+"consistent. See <quote>Configuration</quote> for details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:59
+msgid ""
+"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><programlisting>
+#: include/ldap_id_mapping.xml:64
+#, no-wrap
+msgid ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:69
+msgid ""
+"The default configuration results in configuring 10,000 slices, each capable "
+"of holding up to 200,000 IDs, starting from 10,001 and going up to "
+"2,000,100,000. This should be sufficient for most deployments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><title>
+#: include/ldap_id_mapping.xml:75
+msgid "Advanced Configuration"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:78
+msgid "ldap_idmap_range_min (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:81
+msgid ""
+"Specifies the lower bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:85
+msgid ""
+"NOTE: This option is different from <quote>id_mn</quote> in that "
+"<quote>id_min</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_min</"
+"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:95
+#, fuzzy
+#| msgid "Default: 120"
+msgid "Default: 10001"
+msgstr "Standaard: 120"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:100
+msgid "ldap_idmap_range_max (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:103
+msgid ""
+"Specifies the upper bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:107
+msgid ""
+"NOTE: This option is different from <quote>id_max</quote> in that "
+"<quote>id_max</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_max</"
+"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:117
+#, fuzzy
+#| msgid "Default: 120"
+msgid "Default: 2000100000"
+msgstr "Standaard: 120"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:122
+msgid "ldap_idmap_range_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:125
+msgid ""
+"Specifies the number of IDs available for each slice. If the range size "
+"does not divide evenly into the min and max values, it will create as many "
+"complete slices as it can."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:131
+#, fuzzy
+#| msgid "Default: 120"
+msgid "Default: 200000"
+msgstr "Standaard: 120"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:136
+msgid "ldap_idmap_default_domain_sid (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:139
+msgid ""
+"Specify the domain SID of the default domain. This will guarantee that this "
+"domain will always be assigned to slice zero in the ID map, bypassing the "
+"murmurhash algorithm described above."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:150
+msgid "ldap_idmap_default_domain (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:153
+msgid "Specify the name of the default domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:161
+msgid "ldap_idmap_autorid_compat (boolean)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:164
+msgid ""
+"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
+"winbind's <quote>idmap_autorid</quote> algorithm."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:169
+msgid ""
+"When this option is configured, domains will be allocated starting with "
+"slice zero and increasing monatomically with each additional domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:174
+msgid ""
+"NOTE: This algorithm is non-deterministic (it depends on the order that "
+"users and groups are requested). If this mode is required for compatibility "
+"with machines running winbind, it is recommended to also use the "
+"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
+"least one domain is consistently allocated to slice zero."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-h</option>,<option>--help</option>"
@@ -6844,3 +7483,27 @@ msgid ""
"<emphasis> This is an experimental feature, please use http://fedorahosted."
"org/sssd to report any issues. </emphasis>"
msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/local.xml:2
+msgid "THE LOCAL DOMAIN"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:4
+msgid ""
+"In order to function correctly, a domain with <quote>id_provider=local</"
+"quote> must be created and the SSSD must be running."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:9
+msgid ""
+"The administrator might want to use the SSSD local users instead of "
+"traditional UNIX users in cases where the group nesting (see <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>) is needed. The local users are also useful for testing and "
+"development of the SSSD without having to deploy a full remote server. The "
+"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
+"local LDB storage to store users and groups."
+msgstr ""
diff --git a/src/man/po/pt.po b/src/man/po/pt.po
index b7fc6895..be27d826 100644
--- a/src/man/po/pt.po
+++ b/src/man/po/pt.po
@@ -8,8 +8,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-03-12 16:37-0300\n"
-"PO-Revision-Date: 2012-03-08 11:52+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0300\n"
+"PO-Revision-Date: 2012-04-20 17:34+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Portuguese <trans-pt@lists.fedoraproject.org>\n"
"Language: pt\n"
@@ -127,18 +127,18 @@ msgstr ""
"<replaceable>GROUPS</replaceable>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:74 sssd.conf.5.xml:1585 sssd-ldap.5.xml:2177
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sssd-ipa.5.xml:581 sssd.8.xml:191 sss_obfuscate.8.xml:103
+#: sss_useradd.8.xml:169 sssd-krb5.5.xml:451 sss_groupadd.8.xml:60
+#: sss_userdel.8.xml:95 sss_groupdel.8.xml:48 sss_groupshow.8.xml:60
+#: sss_usermod.8.xml:140 sss_ssh_authorizedkeys.1.xml:96
#: sss_ssh_knownhostsproxy.1.xml:95
msgid "SEE ALSO"
msgstr "VER TAMBÉM"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
+#: sss_groupmod.8.xml:76
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -258,7 +258,7 @@ msgid "The [sssd] section"
msgstr "A seção [SSSD]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1431
msgid "Section parameters"
msgstr "Parâmetros de secção"
@@ -292,16 +292,18 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:88
msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
+"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
+"\"with_ssh\">, ssh</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
+#: sssd.conf.5.xml:96 sssd.conf.5.xml:288
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
+#: sssd.conf.5.xml:99 sssd.conf.5.xml:291
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -310,17 +312,17 @@ msgstr ""
"falha do provedor de dados ou reiniciar antes de eles desistirem"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
+#: sssd.conf.5.xml:104 sssd.conf.5.xml:296
msgid "Default: 3"
msgstr "Padrão: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:109
msgid "domains"
msgstr "domínios"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:112
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -333,19 +335,19 @@ msgstr ""
"domínios na ordem desejada."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
+#: sssd.conf.5.xml:122
msgid "re_expression (string)"
msgstr "re_expression (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
+#: sssd.conf.5.xml:125
msgid ""
"Regular expression that describes how to parse the string containing user "
"name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
+#: sssd.conf.5.xml:129
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -353,7 +355,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
+#: sssd.conf.5.xml:134
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -361,19 +363,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:141
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
+#: sssd.conf.5.xml:148
msgid "full_name_format (string)"
msgstr "full_name_format (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
+#: sssd.conf.5.xml:151
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to translate "
@@ -381,17 +383,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
+#: sssd.conf.5.xml:159
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Default: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
+#: sssd.conf.5.xml:164
msgid "try_inotify (boolean)"
msgstr "try_inotify (boolean)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
+#: sssd.conf.5.xml:167
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -400,7 +402,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
+#: sssd.conf.5.xml:175
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -408,45 +410,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
+#: sssd.conf.5.xml:181
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:185
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
+#: sssd.conf.5.xml:192
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
+#: sssd.conf.5.xml:195
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
+#: sssd.conf.5.xml:199
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
+#: sssd.conf.5.xml:205
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:212
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "force_timeout (integer)"
+msgstr "timeout (integer)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:215
+msgid ""
+"If a service is not responding to ping checks (see the <quote>timeout</"
+"quote> option), it is first sent the SIGTERM signal that instructs it to "
+"quit gracefully. If the service does not terminate after "
+"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
+"by sending a SIGKILL signal."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:542 sssd.conf.5.xml:690
+#: sssd-ldap.5.xml:1034
+msgid "Default: 60"
+msgstr "Padrão: 60"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:63
msgid ""
@@ -459,12 +484,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
+#: sssd.conf.5.xml:234
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
+#: sssd.conf.5.xml:236
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -473,128 +498,128 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
+#: sssd.conf.5.xml:243
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
+#: sssd.conf.5.xml:245
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
+#: sssd.conf.5.xml:249
msgid "debug_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
+#: sssd.conf.5.xml:253
msgid "debug_timestamps (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
+#: sssd.conf.5.xml:256
msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:408 sssd.conf.5.xml:793
+#: sssd-ldap.5.xml:1399 sssd-ldap.5.xml:1525 sssd-ipa.5.xml:225
+#: sssd-ipa.5.xml:260
msgid "Default: true"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
+#: sssd.conf.5.xml:264
msgid "debug_microseconds (bool)"
msgstr "debug_microseconds (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
+#: sssd.conf.5.xml:267
msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:270 sssd.conf.5.xml:740 sssd.conf.5.xml:1368
+#: sssd-ldap.5.xml:620 sssd-ldap.5.xml:1312 sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1468 sssd-ldap.5.xml:1874 sssd-ipa.5.xml:123
+#: sssd-ipa.5.xml:320 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
+#: sssd-krb5.5.xml:418
msgid "Default: false"
msgstr "Padrão: false"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "fd_limit"
-msgstr ""
+#: sssd.conf.5.xml:275
+msgid "timeout (integer)"
+msgstr "timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:278
msgid ""
-"This option specifies the maximum number of file descriptors that may be "
-"opened at one time by this SSSD process. On systems where SSSD is granted "
-"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
-"systems without this capability, the resulting value will be the lower value "
-"of this or the limits.conf \"hard\" limit."
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:282
-msgid "Default: 8192 (or limits.conf \"hard\" limit)"
-msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:283 sssd-ldap.5.xml:1183
+msgid "Default: 10"
+msgstr "Padrão: 10"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:287
-msgid "command (string)"
+#: sssd.conf.5.xml:301
+msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:290
+#: sssd.conf.5.xml:304
msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>. This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298
-msgid "Default: <command>sssd_${service_name}</command>"
+#: sssd.conf.5.xml:313
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:306
+#: sssd.conf.5.xml:321
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:323
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:313
+#: sssd.conf.5.xml:328
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316
+#: sssd.conf.5.xml:331
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:335
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:325
+#: sssd.conf.5.xml:340
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:328
+#: sssd.conf.5.xml:343
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -602,7 +627,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:349
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -612,7 +637,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:359
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -621,17 +646,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:352
+#: sssd.conf.5.xml:367
msgid "Default: 50"
msgstr "Padrão: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:372
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:375
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -639,17 +664,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:381 sssd.conf.5.xml:768 sssd-krb5.5.xml:223
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:371
+#: sssd.conf.5.xml:386
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:374
+#: sssd.conf.5.xml:389
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -658,78 +683,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:396
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:401
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:389
+#: sssd.conf.5.xml:404
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398
+#: sssd.conf.5.xml:413
msgid "override_homedir (string)"
msgstr "override_homedir (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:422 sssd-krb5.5.xml:166
msgid "%u"
msgstr "%u"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:167
msgid "login name"
msgstr "nome de login"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:426 sssd-krb5.5.xml:170
msgid "%U"
msgstr "%U"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:412
+#: sssd.conf.5.xml:427
msgid "UID number"
msgstr "Número UID"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:430 sssd-krb5.5.xml:188
msgid "%d"
msgstr "%d"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:416
+#: sssd.conf.5.xml:431
msgid "domain name"
msgstr "nome de domínio"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:419
+#: sssd.conf.5.xml:434
msgid "%f"
msgstr "%f"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:435
msgid "fully qualified user name (user@domain)"
msgstr "nome totalmente qualificado do utilizador (utilizador@domínio)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:438 sssd-krb5.5.xml:200
msgid "%%"
msgstr "%%"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:439 sssd-krb5.5.xml:201
msgid "a literal '%'"
msgstr "um literal '%'"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:401
+#: sssd.conf.5.xml:416
msgid ""
"Override the user's home directory. You can either provide an absolute value "
"or a template. In the template, the following sequences are substituted: "
@@ -737,138 +762,198 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430
+#: sssd.conf.5.xml:445
msgid "This option can also be set per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:450
+#, fuzzy
+#| msgid "mail_dir (string)"
+msgid "fallback_homedir (string)"
+msgstr "mail_dir (string)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:453
+msgid ""
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:458
+msgid ""
+"The available values for this option are the same as for override_homedir."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:462
+msgid "Default: not set (no substitution for unset home directories)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:468
msgid "allowed_shells (string)"
msgstr "allowed_shells (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:471
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:474
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:478
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:483
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:455
+#: sssd.conf.5.xml:488
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:491
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:462
+#: sssd.conf.5.xml:495
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:500
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:503
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:475
+#: sssd.conf.5.xml:508
msgid "shell_fallback (string)"
msgstr "shell_fallback (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:511
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:515
msgid "Default: /bin/sh"
msgstr "Padrão: /bin/sh"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:520
+#, fuzzy
+#| msgid "default_shell (string)"
+msgid "default_shell"
+msgstr "default_shell (string)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:523
+msgid ""
+"The default shell to use if the provider does not return one during lookup. "
+"This option supercedes any other shell options if it takes effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:528
+msgid ""
+"Default: not set (Return NULL if no shell is specified and rely on libc to "
+"substitute something sensible when necessary, usually /bin/sh)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:535 sssd.conf.5.xml:683
+#, fuzzy
+#| msgid "entry_cache_timeout (integer)"
+msgid "get_domains_timeout (int)"
+msgstr "entry_cache_timeout (integer)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:538 sssd.conf.5.xml:686
+msgid ""
+"Specifies time in seconds for which the list of subdomains will be "
+"considered valid."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:489
+#: sssd.conf.5.xml:549
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:491
+#: sssd.conf.5.xml:551
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:556
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:499
+#: sssd.conf.5.xml:559
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
+#: sssd.conf.5.xml:564 sssd.conf.5.xml:577
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:570
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:513
+#: sssd.conf.5.xml:573
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:523
+#: sssd.conf.5.xml:583
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:586
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:591
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -876,59 +961,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:597 sssd.conf.5.xml:650 sssd.conf.5.xml:1315
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:603
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:606
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:611
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:554
+#: sssd.conf.5.xml:614
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:557
+#: sssd.conf.5.xml:617
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:621
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:624
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:568 sssd.8.xml:63
+#: sssd.conf.5.xml:628 sssd.8.xml:63
msgid "Default: 1"
msgstr "Padrão: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:573
+#: sssd.conf.5.xml:633
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:636
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -936,7 +1021,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:642
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -945,45 +1030,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:656
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (integer)"
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:659 sssd.conf.5.xml:972
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:662
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
"cannot display a warning."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:668 sssd.conf.5.xml:975
+msgid ""
+"If zero is set, then this filter is not applied, i.e. if the expiration "
+"warning was received from backend server, it will automatically be displayed."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:608
-msgid "Default: 7"
+#: sssd.conf.5.xml:673
+msgid ""
+"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
+"emphasis> for a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:678 sssd.8.xml:79
+msgid "Default: 0"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:616
+#: sssd.conf.5.xml:698
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:618
+#: sssd.conf.5.xml:700
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:707
msgid "sudo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:710
msgid ""
"For any sudo request that comes while SSSD is online, the SSSD will attempt "
"to update the cached rules in order to ensure that sudo has the latest "
@@ -991,7 +1090,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:716
msgid ""
"The user may, however, run a couple of sudo commands successively, which "
"would trigger multiple LDAP requests. In order to speed up this use-case, "
@@ -1000,71 +1099,95 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:641
+#: sssd.conf.5.xml:723
msgid ""
"This option controls how long (in seconds) can the sudo service cache rules "
"for a user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:727
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:732
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:735
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:748
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:750
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:676
+#: sssd.conf.5.xml:758
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:761
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
"before asking the back end again."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:776
+#, fuzzy
+#| msgid "Configuration"
+msgid "SSH configuration options"
+msgstr "Configuração"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:778
+msgid "These options can be used to configure the SSH service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:786
+msgid "ssh_hash_known_hosts (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:789
+msgid ""
+"Whether or not to hash host names and adresses in the managed known_hosts "
+"file."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:803
msgid "DOMAIN SECTIONS"
msgstr "SECÇÕES DE DOMÍNIO"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:810
msgid "min_id,max_id (integer)"
msgstr "min_id,max_id (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:706
+#: sssd.conf.5.xml:813
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:711
+#: sssd.conf.5.xml:818
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1073,56 +1196,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:825
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Padrão: 1 para min_id, 0 (sem limite) para max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
-msgid "timeout (integer)"
-msgstr "timeout (integer)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
-msgid ""
-"Timeout in seconds between heartbeats for this domain. This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr "Padrão: 10"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:738
+#: sssd.conf.5.xml:831
msgid "enumerate (bool)"
msgstr "enumerate (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:834
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:745
+#: sssd.conf.5.xml:838
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:841
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
+#: sssd.conf.5.xml:844 sssd.conf.5.xml:949 sssd.conf.5.xml:1031
msgid "Default: FALSE"
msgstr "Padrão: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:754
+#: sssd.conf.5.xml:847
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1132,14 +1238,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:764
+#: sssd.conf.5.xml:857
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:862
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1148,98 +1254,98 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:873
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:876
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:880
msgid "Default: 5400"
msgstr "Padrão: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:886
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796
+#: sssd.conf.5.xml:889
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:893 sssd.conf.5.xml:906 sssd.conf.5.xml:919
+#: sssd.conf.5.xml:932
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:899
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:902
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:819
+#: sssd.conf.5.xml:912
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:915
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:925
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:928
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:938
msgid "cache_credentials (bool)"
msgstr "cache_credentials (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:941
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:945
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:861
+#: sssd.conf.5.xml:954
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:957
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1248,47 +1354,77 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:964
msgid "Default: 0 (unlimited)"
msgstr "Padrão: 0 (ilimitado)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:969
+#, fuzzy
+#| msgid "pam_pwd_expiration_warning (integer)"
+msgid "pwd_expiration_warning (integer)"
+msgstr "pam_pwd_expiration_warning (integer)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:980
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning. Also an auth provider has to be configured for the "
+"backend."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:987
+#, fuzzy
+#| msgid "Default: memberHost"
+msgid "Default: 7 (Kerberos), 0 (LDAP)"
+msgstr "Padrão: memberHost"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:993
msgid "id_provider (string)"
msgstr "id_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:880
+#: sssd.conf.5.xml:996
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:1000
msgid "Supported backends:"
msgstr "Backends suportados:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:887
+#: sssd.conf.5.xml:1003
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:890
+#: sssd.conf.5.xml:1006
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:1009
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:899
+#: sssd.conf.5.xml:1015
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:1018
+msgid ""
+"Use the full name and domain (as formatted by the domain's full_name_format) "
+"as the user's login name reported to NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1023
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1297,19 +1433,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:915
+#: sssd.conf.5.xml:1036
msgid "auth_provider (string)"
msgstr "auth_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:918
+#: sssd.conf.5.xml:1039
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:1043
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1317,7 +1453,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:929
+#: sssd.conf.5.xml:1050
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1325,30 +1461,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:1057
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1060
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1063
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:1069
msgid "access_provider (string)"
msgstr "access_provider (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:951
+#: sssd.conf.5.xml:1072
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1356,17 +1492,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
-msgid "<quote>permit</quote> always allow access."
+#: sssd.conf.5.xml:1078
+msgid ""
+"<quote>permit</quote> always allow access. It's the only permitted access "
+"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:960
+#: sssd.conf.5.xml:1081
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1084
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1375,24 +1513,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1091
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1096
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:978
+#: sssd.conf.5.xml:1099
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1104
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1400,7 +1538,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:991
+#: sssd.conf.5.xml:1112
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1408,7 +1546,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1120
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1416,35 +1554,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1007
+#: sssd.conf.5.xml:1128
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1011
+#: sssd.conf.5.xml:1132
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1135
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1142
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1148
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1031
+#: sssd.conf.5.xml:1152
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1452,29 +1590,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1159
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1041
+#: sssd.conf.5.xml:1162 sssd.conf.5.xml:1246 sssd.conf.5.xml:1271
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1047
+#: sssd.conf.5.xml:1168
msgid "session_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1171
msgid ""
"The provider which should handle loading of session settings. Supported "
"session providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1055
+#: sssd.conf.5.xml:1176
msgid ""
"<quote>ipa</quote> to load session settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1482,66 +1620,155 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1184
msgid "<quote>none</quote> disallows fetching session settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1187
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"session loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1193
+#, fuzzy
+#| msgid "id_provider (string)"
+msgid "subdomains_provider (string)"
+msgstr "id_provider (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1196
+msgid ""
+"The provider which should handle fetching of subdomains. This value should "
+"be always the same as id_provider. Supported subdomain providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1201
+msgid ""
+"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1209
+msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1212 sssd-ldap.5.xml:1499
+msgid "Default: none"
+msgstr "Padrão: none"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1218
+msgid "autofs_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1224
+msgid ""
+"The autofs provider used for the domain. Supported autofs providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1228
+msgid ""
+"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1235
+msgid ""
+"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1243
+msgid "<quote>none</quote> disables autofs explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1253
+msgid "hostid_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1256
+msgid ""
+"The provider used for retrieving host identity information. Supported "
+"hostid providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1260
+msgid ""
+"<quote>ipa</quote> to load host identity stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1268
+msgid "<quote>none</quote> disables hostid explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1278
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1076
+#: sssd.conf.5.xml:1281
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1285
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1083
+#: sssd.conf.5.xml:1288
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1291
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1294
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1092
+#: sssd.conf.5.xml:1297
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1095
+#: sssd.conf.5.xml:1300
msgid "Default: ipv4_first"
msgstr "Default: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1306
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1104
+#: sssd.conf.5.xml:1309
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1549,51 +1776,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1321
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1324
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1328
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1334
msgid "override_gid (integer)"
msgstr "override_gid (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1337
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1138
+#: sssd.conf.5.xml:1343
msgid "case_sensitive (boolean)"
msgstr "case_sensitive (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1346
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1351
msgid "Default: True"
msgstr "Padrão: TRUE"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1357
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1360
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1374
+#, fuzzy
+#| msgid "override_homedir (string)"
+msgid "subdomain_homedir (string)"
+msgstr "override_homedir (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1377
+msgid ""
+"Use this homedir as default value for all subdomains within this domain. See "
+"<emphasis>override_homedir</emphasis> for info about possible values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1382
+msgid ""
+"The value can be overridden by <emphasis>override_homedir</emphasis> option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:805
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1601,29 +1862,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1395
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1398
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1401
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1409
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1412
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1631,19 +1892,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1154
+#: sssd.conf.5.xml:1391
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1187
+#: sssd.conf.5.xml:1424
msgid "The local domain section"
msgstr "A secção de domínio local"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1426
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1651,73 +1912,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1433
msgid "default_shell (string)"
msgstr "default_shell (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1436
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1440
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Padrão: <filename>bash/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1445
msgid "base_directory (string)"
msgstr "base_directory (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211
+#: sssd.conf.5.xml:1448
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1453
msgid "Default: <filename>/home</filename>"
msgstr "Padrão: <filename>/ home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1221
+#: sssd.conf.5.xml:1458
msgid "create_homedir (bool)"
msgstr "create_homedir (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1224
+#: sssd.conf.5.xml:1461
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
+#: sssd.conf.5.xml:1465 sssd.conf.5.xml:1477
msgid "Default: TRUE"
msgstr "Padrão: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1470
msgid "remove_homedir (bool)"
msgstr "remove_homedir (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1473
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1245
+#: sssd.conf.5.xml:1482
msgid "homedir_umask (integer)"
msgstr "homedir_umask (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1248
+#: sssd.conf.5.xml:1485
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1725,17 +1986,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1256
+#: sssd.conf.5.xml:1493
msgid "Default: 077"
msgstr "Padrão: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1498
msgid "skel_dir (string)"
msgstr "skel_dir (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1501
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1744,17 +2005,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1274
+#: sssd.conf.5.xml:1511
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Padrão: <filename>skel/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1516
msgid "mail_dir (string)"
msgstr "mail_dir (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1519
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1762,17 +2023,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1289
+#: sssd.conf.5.xml:1526
msgid "Default: <filename>/var/mail</filename>"
msgstr "Padrão: <filename>mail/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1531
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1297
+#: sssd.conf.5.xml:1534
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1780,18 +2041,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1540
msgid "Default: None, no command is run"
msgstr "Padrão: None, nenhum comando é executado"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1550 sssd-ldap.5.xml:2145 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:563 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr "EXEMPLO"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1319
+#: sssd.conf.5.xml:1556
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1845,7 +2106,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1552
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1854,7 +2115,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1587
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -2071,216 +2332,236 @@ msgstr ""
msgid ""
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
-"may vary. The way that some attributes are handled may also differ. Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
+"may vary. The way that some attributes are handled may also differ. Four "
+"schema types are currently supported: rfc2307 rfc2307bis IPA AD The main "
"difference between these schema types is how group memberships are recorded "
"in the server. With rfc2307, group members are listed by name in the "
"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
+"attribute. The AD schema type sets the attributes to correspond with Active "
+"Directory 2008r2 values."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
+#: sssd-ldap.5.xml:183
msgid "Default: rfc2307"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
+#: sssd-ldap.5.xml:189
msgid "ldap_default_bind_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
+#: sssd-ldap.5.xml:192
msgid "The default bind DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
+#: sssd-ldap.5.xml:199
msgid "ldap_default_authtok_type (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
+#: sssd-ldap.5.xml:202
msgid "The type of the authentication token of the default bind DN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
+#: sssd-ldap.5.xml:206
msgid "The two mechanisms currently supported are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
+#: sssd-ldap.5.xml:209
msgid "password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
+#: sssd-ldap.5.xml:212
msgid "obfuscated_password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
+#: sssd-ldap.5.xml:215
msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
+#: sssd-ldap.5.xml:221
msgid "ldap_default_authtok (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
+#: sssd-ldap.5.xml:224
msgid ""
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
+#: sssd-ldap.5.xml:231
msgid "ldap_user_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
+#: sssd-ldap.5.xml:234
msgid "The object class of a user entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
+#: sssd-ldap.5.xml:237
msgid "Default: posixAccount"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
+#: sssd-ldap.5.xml:243
msgid "ldap_user_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
+#: sssd-ldap.5.xml:246
msgid "The LDAP attribute that corresponds to the user's login name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
+#: sssd-ldap.5.xml:250
msgid "Default: uid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
+#: sssd-ldap.5.xml:256
msgid "ldap_user_uid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
+#: sssd-ldap.5.xml:259
msgid "The LDAP attribute that corresponds to the user's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
+#: sssd-ldap.5.xml:263
msgid "Default: uidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
+#: sssd-ldap.5.xml:269
msgid "ldap_user_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
+#: sssd-ldap.5.xml:272
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
+#: sssd-ldap.5.xml:276 sssd-ldap.5.xml:758
msgid "Default: gidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
+#: sssd-ldap.5.xml:282
msgid "ldap_user_gecos (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
+#: sssd-ldap.5.xml:285
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
+#: sssd-ldap.5.xml:289
msgid "Default: gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
+#: sssd-ldap.5.xml:295
msgid "ldap_user_home_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
+#: sssd-ldap.5.xml:298
msgid "The LDAP attribute that contains the name of the user's home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
+#: sssd-ldap.5.xml:302
msgid "Default: homeDirectory"
msgstr "Padrão: homeDirectory"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
+#: sssd-ldap.5.xml:308
msgid "ldap_user_shell (string)"
msgstr "ldap_user_shell (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
+#: sssd-ldap.5.xml:311
msgid "The LDAP attribute that contains the path to the user's default shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
+#: sssd-ldap.5.xml:315
msgid "Default: loginShell"
msgstr "Padrão: diret"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
+#: sssd-ldap.5.xml:321
msgid "ldap_user_uuid (string)"
msgstr "ldap_user_uuid (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
+#: sssd-ldap.5.xml:324
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
+#: sssd-ldap.5.xml:328 sssd-ldap.5.xml:784 sssd-ldap.5.xml:911
msgid "Default: nsUniqueId"
msgstr "Padrão: nsUniqueId"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
+#: sssd-ldap.5.xml:334
+#, fuzzy
+#| msgid "ldap_user_uuid (string)"
+msgid "ldap_user_objectsid (string)"
+msgstr "ldap_user_uuid (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:337
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP user object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:342 sssd-ldap.5.xml:798
+msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:349
msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
+#: sssd-ldap.5.xml:352 sssd-ldap.5.xml:808 sssd-ldap.5.xml:920
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
+#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:812 sssd-ldap.5.xml:927
msgid "Default: modifyTimestamp"
msgstr "Padrão: modifyTimestamp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
+#: sssd-ldap.5.xml:362
msgid "ldap_user_shadow_last_change (string)"
msgstr "ldap_user_shadow_last_change (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
+#: sssd-ldap.5.xml:365
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2289,17 +2570,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
+#: sssd-ldap.5.xml:375
msgid "Default: shadowLastChange"
msgstr "Padrão: shadowLastChange"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
+#: sssd-ldap.5.xml:381
msgid "ldap_user_shadow_min (string)"
msgstr "ldap_user_shadow_min (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
+#: sssd-ldap.5.xml:384
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2308,17 +2589,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
+#: sssd-ldap.5.xml:393
msgid "Default: shadowMin"
msgstr "Padrão: shadowMin"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
+#: sssd-ldap.5.xml:399
msgid "ldap_user_shadow_max (string)"
msgstr "ldap_user_shadow_max (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
+#: sssd-ldap.5.xml:402
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2327,17 +2608,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
+#: sssd-ldap.5.xml:411
msgid "Default: shadowMax"
msgstr "Padrão: shadowMax"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
+#: sssd-ldap.5.xml:417
msgid "ldap_user_shadow_warning (string)"
msgstr "ldap_user_shadow_warning (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
+#: sssd-ldap.5.xml:420
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2346,17 +2627,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
+#: sssd-ldap.5.xml:430
msgid "Default: shadowWarning"
msgstr "Padrão: shadowWarning"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
+#: sssd-ldap.5.xml:436
msgid "ldap_user_shadow_inactive (string)"
msgstr "ldap_user_shadow_inactive (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
+#: sssd-ldap.5.xml:439
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2365,17 +2646,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
+#: sssd-ldap.5.xml:449
msgid "Default: shadowInactive"
msgstr "Padrão: shadowInactive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
+#: sssd-ldap.5.xml:455
msgid "ldap_user_shadow_expire (string)"
msgstr "ldap_user_shadow_expire (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
+#: sssd-ldap.5.xml:458
msgid ""
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
"parameter contains the name of an LDAP attribute corresponding to its "
@@ -2384,17 +2665,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
+#: sssd-ldap.5.xml:468
msgid "Default: shadowExpire"
msgstr "Padrão: shadowExpire"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
+#: sssd-ldap.5.xml:474
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr "ldap_user_krb_last_pwd_change (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
+#: sssd-ldap.5.xml:477
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
@@ -2402,158 +2683,158 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
+#: sssd-ldap.5.xml:483
msgid "Default: krbLastPwdChange"
msgstr "Padrão: krbLastPwdChange"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
+#: sssd-ldap.5.xml:489
msgid "ldap_user_krb_password_expiration (string)"
msgstr "ldap_user_krb_password_expiration (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
+#: sssd-ldap.5.xml:492
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
+#: sssd-ldap.5.xml:498
msgid "Default: krbPasswordExpiration"
msgstr "Padrão: krbPasswordExpiration"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
+#: sssd-ldap.5.xml:504
msgid "ldap_user_ad_account_expires (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
+#: sssd-ldap.5.xml:507
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
+#: sssd-ldap.5.xml:512
msgid "Default: accountExpires"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
+#: sssd-ldap.5.xml:518
msgid "ldap_user_ad_user_account_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
+#: sssd-ldap.5.xml:521
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
+#: sssd-ldap.5.xml:526
msgid "Default: userAccountControl"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
+#: sssd-ldap.5.xml:532
msgid "ldap_ns_account_lock (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
+#: sssd-ldap.5.xml:535
msgid ""
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
+#: sssd-ldap.5.xml:540
msgid "Default: nsAccountLock"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
+#: sssd-ldap.5.xml:546
msgid "ldap_user_nds_login_disabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
+#: sssd-ldap.5.xml:549
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines if "
"access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
+#: sssd-ldap.5.xml:553 sssd-ldap.5.xml:567
msgid "Default: loginDisabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
+#: sssd-ldap.5.xml:559
msgid "ldap_user_nds_login_expiration_time (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
+#: sssd-ldap.5.xml:562
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines until "
"which date access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
+#: sssd-ldap.5.xml:573
msgid "ldap_user_nds_login_allowed_time_map (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
+#: sssd-ldap.5.xml:576
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines the "
"hours of a day in a week when access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
+#: sssd-ldap.5.xml:581
msgid "Default: loginAllowedTimeMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
+#: sssd-ldap.5.xml:587
msgid "ldap_user_principal (string)"
msgstr "ldap_user_principal (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
+#: sssd-ldap.5.xml:590
msgid ""
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"(UPN)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
+#: sssd-ldap.5.xml:594
msgid "Default: krbPrincipalName"
msgstr "Padrão: krbPrincipalName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
+#: sssd-ldap.5.xml:600
msgid "ldap_user_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
+#: sssd-ldap.5.xml:603
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
+#: sssd-ldap.5.xml:610
msgid "ldap_force_upper_case_realm (boolean)"
msgstr "ldap_force_upper_case_realm (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
+#: sssd-ldap.5.xml:613
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -2562,29 +2843,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
+#: sssd-ldap.5.xml:626
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr "ldap_enumeration_refresh_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
+#: sssd-ldap.5.xml:629
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:634 sssd-ldap.5.xml:1887
msgid "Default: 300"
msgstr "Padrão: 300"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
+#: sssd-ldap.5.xml:640
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
+#: sssd-ldap.5.xml:643
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -2592,54 +2873,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
+#: sssd-ldap.5.xml:649
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
+#: sssd-ldap.5.xml:653
msgid "Default: 10800 (12 hours)"
msgstr "Padrão: 10800 (12 horas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
+#: sssd-ldap.5.xml:659
msgid "ldap_user_fullname (string)"
msgstr "ldap_user_fullname (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
+#: sssd-ldap.5.xml:662
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
+#: sssd-ldap.5.xml:666 sssd-ldap.5.xml:745 sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:952 sssd-ldap.5.xml:1742 sssd-ldap.5.xml:1960
+#: sssd-ipa.5.xml:441
msgid "Default: cn"
msgstr "Padrão: NC"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
+#: sssd-ldap.5.xml:672
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
+#: sssd-ldap.5.xml:675
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
+#: sssd-ldap.5.xml:679 sssd-ipa.5.xml:345
msgid "Default: memberOf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
+#: sssd-ldap.5.xml:685
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
+#: sssd-ldap.5.xml:688
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -2647,24 +2928,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
+#: sssd-ldap.5.xml:695
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:700
msgid "Default: authorizedService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
+#: sssd-ldap.5.xml:706
msgid "ldap_user_authorized_host (string)"
msgstr "ldap_user_authorized_host (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
+#: sssd-ldap.5.xml:709
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -2672,89 +2953,103 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
+#: sssd-ldap.5.xml:715
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
+#: sssd-ldap.5.xml:720
msgid "Default: host"
msgstr "Padrão: host"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:726
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
+#: sssd-ldap.5.xml:729
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
+#: sssd-ldap.5.xml:732
msgid "Default: posixGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:738
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
+#: sssd-ldap.5.xml:741
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:751
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:754
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
+#: sssd-ldap.5.xml:764
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
+#: sssd-ldap.5.xml:767
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
+#: sssd-ldap.5.xml:771
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
+#: sssd-ldap.5.xml:777
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:780
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:790
+#, fuzzy
+#| msgid "ldap_netgroup_uuid (string)"
+msgid "ldap_group_objectsid (string)"
+msgstr "ldap_netgroup_uuid (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:793
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP group object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:805
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:818
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:821
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -2762,198 +3057,198 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
+#: sssd-ldap.5.xml:828
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:834
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
+#: sssd-ldap.5.xml:837
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
+#: sssd-ldap.5.xml:840
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:844
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
+#: sssd-ldap.5.xml:850
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
+#: sssd-ldap.5.xml:853
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:857
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
+#: sssd-ldap.5.xml:867
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
+#: sssd-ldap.5.xml:870
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
+#: sssd-ldap.5.xml:874
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:878
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:884
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:887
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
+#: sssd-ldap.5.xml:891 sssd-ldap.5.xml:924
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:894
msgid "Default: nisNetgroupTriple"
msgstr "Padrão: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
+#: sssd-ldap.5.xml:900
msgid "ldap_netgroup_uuid (string)"
msgstr "ldap_netgroup_uuid (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
+#: sssd-ldap.5.xml:903
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
+#: sssd-ldap.5.xml:907
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
+#: sssd-ldap.5.xml:917
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:933
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:936
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:939
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:945
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:948
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
+#: sssd-ldap.5.xml:958
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
+#: sssd-ldap.5.xml:961
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
+#: sssd-ldap.5.xml:965
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
+#: sssd-ldap.5.xml:971
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:974
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
+#: sssd-ldap.5.xml:978
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
+#: sssd-ldap.5.xml:984
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:987
msgid "An optional base DN to restrict service searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
+#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1997 sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2035 sssd-ldap.5.xml:2098 sssd-ldap.5.xml:2120
+#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 sssd-ipa.5.xml:206
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
+#: sssd-ldap.5.xml:996 sssd-ldap.5.xml:2002 sssd-ldap.5.xml:2021
+#: sssd-ldap.5.xml:2040 sssd-ldap.5.xml:2103 sssd-ldap.5.xml:2125
#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
+#: sssd-ldap.5.xml:1003
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1006
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2961,7 +3256,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
+#: sssd-ldap.5.xml:1012
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2969,35 +3264,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
+#: sssd-ldap.5.xml:1018 sssd-ldap.5.xml:1060 sssd-ldap.5.xml:1075
msgid "Default: 6"
msgstr "Padrão: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1024
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1027
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
"are returned (and offline mode is entered)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr "Padrão: 60"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1040
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1043
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -3008,12 +3298,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
+#: sssd-ldap.5.xml:1066
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
+#: sssd-ldap.5.xml:1069
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3021,12 +3311,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1081
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1084
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -3035,34 +3325,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
+#: sssd-ldap.5.xml:1092
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1098
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
+#: sssd-ldap.5.xml:1101
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1106
msgid "Default: 1000"
msgstr "Padrão: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
+#: sssd-ldap.5.xml:1112
+msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1115
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -3070,27 +3360,50 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
+#: sssd-ldap.5.xml:1121
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1127
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
"requests being denied."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133 include/ldap_id_mapping.xml:184
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1139
+msgid "ldap_sasl_minssf (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1142
+msgid ""
+"When communicating with an LDAP server using SASL, specify the minimum "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1148
+msgid "Default: Use the system default (usually specified by ldap.conf)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1155
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1158
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3098,13 +3411,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1164
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1168
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3113,7 +3426,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
+#: sssd-ldap.5.xml:1176
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3121,19 +3434,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1189
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
+#: sssd-ldap.5.xml:1192
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1198
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -3142,7 +3455,7 @@ msgstr ""
"qualquer certificado de servidor."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
+#: sssd-ldap.5.xml:1202
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3150,7 +3463,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1209
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3158,7 +3471,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1215
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3166,41 +3479,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1221
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1225
msgid "Default: hard"
msgstr "Padrão: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
+#: sssd-ldap.5.xml:1231
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
+#: sssd-ldap.5.xml:1234
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
+#: sssd-ldap.5.xml:1239 sssd-ldap.5.xml:1257 sssd-ldap.5.xml:1298
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1246
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1249
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3209,38 +3522,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1264
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1267
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1271 sssd-ldap.5.xml:1283 sssd-ldap.5.xml:1344
+#: sssd-ldap.5.xml:2058 sssd-ldap.5.xml:2085 sssd-krb5.5.xml:359
+#: include/ldap_id_mapping.xml:145 include/ldap_id_mapping.xml:156
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1277
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1280
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
+#: sssd-ldap.5.xml:1289
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
+#: sssd-ldap.5.xml:1292
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3248,91 +3562,106 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1305
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1308
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1318
+#, fuzzy
+#| msgid "ldap_id_use_start_tls (boolean)"
+msgid "ldap_id_mapping (boolean)"
+msgstr "ldap_id_use_start_tls (boolean)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1321
+msgid ""
+"Specifies that SSSD should attempt to map user and group IDs from the "
+"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
+"on ldap_user_uid_number and ldap_group_gid_number."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1327
+msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1337
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1340
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr "Padrão: none"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1350
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
+#: sssd-ldap.5.xml:1353
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
+#: sssd-ldap.5.xml:1358
msgid "Default: host/machine.fqdn@REALM"
msgstr "Padrão: host/machine.fqdn@REALM"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1364
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
+#: sssd-ldap.5.xml:1367
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
+#: sssd-ldap.5.xml:1372
msgid "Default: false;"
msgstr "Padrão: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1378
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
+#: sssd-ldap.5.xml:1381
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1384
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"Padrão: Sistema keytab, normalmente <filename>/etc/krb5.keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
+#: sssd-ldap.5.xml:1390
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
+#: sssd-ldap.5.xml:1393
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3340,27 +3669,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1405
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1408
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
+#: sssd-ldap.5.xml:1412
msgid "Default: 86400 (24 hours)"
msgstr "Padrão: 86400 (24 horas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1418 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr "krb5_server (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1421 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -3372,7 +3701,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1433 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -3380,7 +3709,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1438 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -3388,53 +3717,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1447 sssd-ipa.5.xml:235 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1450
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
+#: sssd-ldap.5.xml:1453
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1459 sssd-ipa.5.xml:250 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1462
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
+#: sssd-ldap.5.xml:1474
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
+#: sssd-ldap.5.xml:1477
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1482
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
+#: sssd-ldap.5.xml:1487
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -3442,7 +3771,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
+#: sssd-ldap.5.xml:1493
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -3450,76 +3779,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1505
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1508
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
+#: sssd-ldap.5.xml:1512
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1517
+msgid ""
+"Chasing referrals may incur a performance penalty in environments that use "
+"them heavily, a notable example is Microsoft Active Directory. If your setup "
+"does not in fact require the use of referrals, setting this option to false "
+"might bring a noticeable performance improvement."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1531
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1534
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1538
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1544
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
+#: sssd-ldap.5.xml:1547
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1552
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
+#: sssd-ldap.5.xml:1558
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1561
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
+"it will result in all users being denied access. Use access_provider = "
+"permit to change this default behavior."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:1571 sssd-ldap.5.xml:2061
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
+#: sssd-ldap.5.xml:1574
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3528,14 +3866,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1578
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
+#: sssd-ldap.5.xml:1583
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3544,24 +3882,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1591 sssd-ldap.5.xml:1641
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1597
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1600
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1604
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3569,19 +3907,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1611
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1614
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1619
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3590,7 +3928,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1626
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3598,7 +3936,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
+#: sssd-ldap.5.xml:1632
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3607,89 +3945,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
+#: sssd-ldap.5.xml:1647
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
+#: sssd-ldap.5.xml:1650
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1654
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1657
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1661
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
+#: sssd-ldap.5.xml:1666
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1670
msgid "Default: filter"
msgstr "Padrão: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1673
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1680
msgid "ldap_deref (string)"
msgstr "ldap_deref (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
+#: sssd-ldap.5.xml:1683
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1688
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1692
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1697
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1702
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1707
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3706,212 +4044,212 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1718
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1723
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
+#: sssd-ldap.5.xml:1726
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1729
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1735
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1738
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1748
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1751
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
+#: sssd-ldap.5.xml:1755
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
+#: sssd-ldap.5.xml:1761
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
+#: sssd-ldap.5.xml:1764
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
+#: sssd-ldap.5.xml:1769
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1775
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
+#: sssd-ldap.5.xml:1778
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
+#: sssd-ldap.5.xml:1782
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1788
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
+#: sssd-ldap.5.xml:1791
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
+#: sssd-ldap.5.xml:1795
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
+#: sssd-ldap.5.xml:1801
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1804
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
+#: sssd-ldap.5.xml:1808
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
+#: sssd-ldap.5.xml:1814
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
+#: sssd-ldap.5.xml:1817
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
+#: sssd-ldap.5.xml:1821
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
+#: sssd-ldap.5.xml:1827
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
+#: sssd-ldap.5.xml:1830
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1834
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
+#: sssd-ldap.5.xml:1840
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
+#: sssd-ldap.5.xml:1843
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1848
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1854
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1857
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
+#: sssd-ldap.5.xml:1861
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1867
msgid "ldap_sudo_refresh_enabled (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1870
msgid ""
"Enables periodical download of all sudo rules. The cache is purged before "
"each update."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1880
msgid "ldap_sudo_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
+#: sssd-ldap.5.xml:1883
msgid ""
"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1721
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1894
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -3920,76 +4258,76 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1904
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
+#: sssd-ldap.5.xml:1906
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1913
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1916 sssd-ldap.5.xml:1942
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1919 sssd-ldap.5.xml:1946
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
+#: sssd-ldap.5.xml:1926
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
+#: sssd-ldap.5.xml:1929
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
+#: sssd-ldap.5.xml:1932
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1939
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1953
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
+#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:1970
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1967
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1974
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1911
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -3998,62 +4336,62 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
+#: sssd-ldap.5.xml:1983
msgid "ADVANCED OPTIONS"
msgstr "OPÇÕES AVANÇADAS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
+#: sssd-ldap.5.xml:1990
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
+#: sssd-ldap.5.xml:1993
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:2009
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
+#: sssd-ldap.5.xml:2012
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
+#: sssd-ldap.5.xml:2028
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:2031
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:2047
msgid "ldap_user_search_filter (string)"
msgstr "ldap_user_search_filter (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
+#: sssd-ldap.5.xml:2050
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
+#: sssd-ldap.5.xml:2054
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2064
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -4061,55 +4399,55 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
+#: sssd-ldap.5.xml:2067
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2074
msgid "ldap_group_search_filter (string)"
msgstr "ldap_group_search_filter (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
+#: sssd-ldap.5.xml:2077
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2081
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2091
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2094
msgid ""
"An optional base DN to restrict sudo rules searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
+#: sssd-ldap.5.xml:2113
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
+#: sssd-ldap.5.xml:2116
msgid ""
"An optional base DN to restrict automounter searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1985
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4117,7 +4455,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2147
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4125,7 +4463,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
+#: sssd-ldap.5.xml:2153
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4146,19 +4484,19 @@ msgstr ""
" cache_credentials = true\n"
" enumerate = true\n"
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
+#. type: Content of: <refsect1><refsect2><para>
+#: sssd-ldap.5.xml:2152 sssd-simple.5.xml:134 sssd-ipa.5.xml:571
+#: sssd-krb5.5.xml:441 include/ldap_id_mapping.xml:63
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:2166 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr "NOTAS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
+#: sssd-ldap.5.xml:2168
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4167,7 +4505,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
+#: sssd-ldap.5.xml:2179
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -4705,40 +5043,57 @@ msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:199
+#, fuzzy
+#| msgid "ipa_hbac_search_base (string)"
+msgid "ipa_subdomains_search_base (string)"
+msgstr "ipa_hbac_search_base (string)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:202
+msgid "Optional. Use the given string as search base for trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:218 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:221 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
+#: sssd-ipa.5.xml:228
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
+#: sssd-ipa.5.xml:238
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:242
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
+#: sssd-ipa.5.xml:253
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -4746,12 +5101,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
+#: sssd-ipa.5.xml:266
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
+#: sssd-ipa.5.xml:269
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -4759,17 +5114,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
+#: sssd-ipa.5.xml:276
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
+#: sssd-ipa.5.xml:281
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
+#: sssd-ipa.5.xml:284
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -4778,313 +5133,313 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
+#: sssd-ipa.5.xml:293
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
+#: sssd-ipa.5.xml:298
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
+#: sssd-ipa.5.xml:303
msgid "Default: DENY_ALL"
msgstr "Padrão: DENY_ALL"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
+#: sssd-ipa.5.xml:308
msgid "ipa_hbac_support_srchost (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:311
msgid ""
"If this is set to false, then srchost as given to SSSD by PAM will be "
"ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
+#: sssd-ipa.5.xml:315
msgid ""
"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
+#: sssd-ipa.5.xml:326
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
+#: sssd-ipa.5.xml:329
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
+#: sssd-ipa.5.xml:332
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:338
msgid "ipa_netgroup_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
+#: sssd-ipa.5.xml:341
msgid "The LDAP attribute that lists netgroup's memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
+#: sssd-ipa.5.xml:350
msgid "ipa_netgroup_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
+#: sssd-ipa.5.xml:353
msgid ""
"The LDAP attribute that lists system users and groups that are direct "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:358 sssd-ipa.5.xml:453
msgid "Default: memberUser"
msgstr "Padrão: memberUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
+#: sssd-ipa.5.xml:363
msgid "ipa_netgroup_member_host (string)"
msgstr "ipa_netgroup_member_host (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:366
msgid ""
"The LDAP attribute that lists hosts and host groups that are direct members "
"of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:370 sssd-ipa.5.xml:465
msgid "Default: memberHost"
msgstr "Padrão: memberHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:375
msgid "ipa_netgroup_member_ext_host (string)"
msgstr "ipa_netgroup_member_ext_host (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
+#: sssd-ipa.5.xml:378
msgid ""
"The LDAP attribute that lists FQDNs of hosts and host groups that are "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
+#: sssd-ipa.5.xml:382
msgid "Default: externalHost"
msgstr "Padrão: externalHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
+#: sssd-ipa.5.xml:387
msgid "ipa_netgroup_domain (string)"
msgstr "ipa_netgroup_domain (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:390
msgid "The LDAP attribute that contains NIS domain name of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
+#: sssd-ipa.5.xml:394
msgid "Default: nisDomainName"
msgstr "Padrão: nisDomainName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
+#: sssd-ipa.5.xml:400
msgid "ipa_host_object_class (string)"
msgstr "ipa_host_object_class (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
+#: sssd-ipa.5.xml:403 sssd-ipa.5.xml:426
msgid "The object class of a host entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
+#: sssd-ipa.5.xml:406 sssd-ipa.5.xml:429
msgid "Default: ipaHost"
msgstr "Padrão: ipaHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:411
msgid "ipa_host_fqdn (string)"
msgstr "ipa_host_fqdn (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
+#: sssd-ipa.5.xml:414
msgid "The LDAP attribute that contains FQDN of the host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
+#: sssd-ipa.5.xml:417
msgid "Default: fqdn"
msgstr "Padrão: fqdn"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
+#: sssd-ipa.5.xml:423
msgid "ipa_selinux_usermap_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
+#: sssd-ipa.5.xml:434
msgid "ipa_selinux_usermap_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:437
msgid "The LDAP attribute that contains the name of SELinux usermap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:446
msgid "ipa_selinux_usermap_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
+#: sssd-ipa.5.xml:449
msgid ""
"The LDAP attribute that contains all users / groups this rule match against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
+#: sssd-ipa.5.xml:458
msgid "ipa_selinux_usermap_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
+#: sssd-ipa.5.xml:461
msgid ""
"The LDAP attribute that contains all hosts / hostgroups this rule match "
"against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:470
msgid "ipa_selinux_usermap_see_also (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:473
msgid ""
"The LDAP attribute that contains DN of HBAC rule which can be used for "
"matching instead of memberUser and memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
+#: sssd-ipa.5.xml:478
msgid "Default: seeAlso"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
+#: sssd-ipa.5.xml:483
msgid "ipa_selinux_usermap_selinux_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:486
msgid "The LDAP attribute that contains SELinux user string itself."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:490
msgid "Default: ipaSELinuxUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
+#: sssd-ipa.5.xml:495
msgid "ipa_selinux_usermap_enabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
+#: sssd-ipa.5.xml:498
msgid ""
"The LDAP attribute that contains whether or not is user map enabled for "
"usage."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:502
msgid "Default: ipaEnabledFlag"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
+#: sssd-ipa.5.xml:507
msgid "ipa_selinux_usermap_user_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:510
msgid "The LDAP attribute that contains user category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
+#: sssd-ipa.5.xml:514
msgid "Default: userCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:519
msgid "ipa_selinux_usermap_host_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:522
msgid "The LDAP attribute that contains host category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
+#: sssd-ipa.5.xml:526
msgid "Default: hostCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:531
msgid "ipa_selinux_usermap_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
+#: sssd-ipa.5.xml:534
msgid "The LDAP attribute that contains unique ID of the user map."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
+#: sssd-ipa.5.xml:538
msgid "Default: ipaUniqueID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
+#: sssd-ipa.5.xml:543
msgid "ipa_host_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
+#: sssd-ipa.5.xml:546
msgid "The LDAP attribute that contains the host's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:550
msgid "Default: ipaSshPubKey"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:565
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -5092,7 +5447,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:572
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -5106,7 +5461,7 @@ msgstr ""
" ipa_hostname = myhost.example.com\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
+#: sssd-ipa.5.xml:583
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -5193,11 +5548,6 @@ msgstr ""
msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:85
msgid "<option>-f</option>,<option>--debug-to-files</option>"
@@ -5595,7 +5945,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
+#: sss_useradd.8.xml:171
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6069,7 +6419,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
+#: sss_groupadd.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6154,7 +6504,7 @@ msgid "Before actually deleting the user, terminate all his processes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
+#: sss_userdel.8.xml:97
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6196,7 +6546,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
+#: sss_groupdel.8.xml:50
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6261,7 +6611,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
+#: sss_groupshow.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6362,7 +6712,7 @@ msgid "The SELinux user for the user's login."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
+#: sss_usermod.8.xml:142
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6481,13 +6831,76 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:108
+#, fuzzy
+#| msgid ""
+#| "<option>-f</option>,<option>--file</option> <replaceable>FILE</"
+#| "replaceable>"
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-s</option>,<option>--service</option> <replaceable>service</"
"replaceable>"
msgstr ""
+"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:113
+msgid "Invalidate specific service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:119
+#, fuzzy
+#| msgid "<option>-R</option>,<option>--recursive</option>"
+msgid "<option>-S</option>,<option>--services</option>"
+msgstr "<option>-R</option>,<option>--recursive</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:123
+msgid ""
+"Invalidate all service records. This option overrides invalidation of "
+"specific service if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:130
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+#| "replaceable>"
+msgid ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
+"replaceable>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:135
+msgid "Invalidate specific autofs maps."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:141
+#, fuzzy
+#| msgid "<option>-D</option>,<option>--daemon</option>"
+msgid "<option>-A</option>,<option>--autofs-maps</option>"
+msgstr "<option>-D</option>,<option>--daemon</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:145
+msgid ""
+"Invalidate all autofs maps. This option overrides invalidation of specific "
+"map if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:152
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:157
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -6712,7 +7125,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
msgid "Configuration"
msgstr "Configuração"
@@ -6828,6 +7241,251 @@ msgid ""
"offline mode, and then attempts to reconnect every 30 seconds."
msgstr ""
+#. type: Content of: <refsect1><title>
+#: include/ldap_id_mapping.xml:2
+msgid "ID MAPPING"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:4
+msgid ""
+"The ID-mapping feature allows SSSD to act as a client of Active Directory "
+"without requiring administrators to extend user attributes to support POSIX "
+"attributes for user and group identifiers."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:9
+msgid ""
+"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
+"ignored. This is to avoid the possibility of conflicts between automatically-"
+"assigned and manually-assigned values. If you need to use manually-assigned "
+"values, ALL values must be manually-assigned."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:17
+msgid "Mapping Algorithm"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:19
+msgid ""
+"Active Directory provides an objectSID for every user and group object in "
+"the directory. This objectSID can be broken up into components that "
+"represent the Active Directory domain identity and the relative identifier "
+"(RID) of the user or group object."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:25
+msgid ""
+"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
+"into equally-sized component sections - called \"slices\"-. Each slice "
+"represents the space available to an Active Directory domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:31
+msgid ""
+"When a user or group entry for a particular domain is encountered for the "
+"first time, the SSSD allocates one of the available slices for that domain. "
+"In order to make this slice-assignment repeatable on different client "
+"machines, we select the slice based on the following algorithm:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:38
+msgid ""
+"The SID string is passed through the murmurhash3 algorithm to convert it to "
+"a 32-bit hashed value. We then take the modulus of this value with the total "
+"number of available slices to pick the slice."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:44
+msgid ""
+"NOTE: It is possible to encounter collisions in the hash and subsequent "
+"modulus. In these situations, we will select the next available slice, but "
+"it may not be possible to reproduce the same exact set of slices on other "
+"machines (since the order that they are encountered will determine their "
+"slice). In this situation, it is recommended to either switch to using "
+"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
+"configure a default domain to guarantee that at least one is always "
+"consistent. See <quote>Configuration</quote> for details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:59
+msgid ""
+"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><programlisting>
+#: include/ldap_id_mapping.xml:64
+#, no-wrap
+msgid ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:69
+msgid ""
+"The default configuration results in configuring 10,000 slices, each capable "
+"of holding up to 200,000 IDs, starting from 10,001 and going up to "
+"2,000,100,000. This should be sufficient for most deployments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><title>
+#: include/ldap_id_mapping.xml:75
+#, fuzzy
+#| msgid "Configuration"
+msgid "Advanced Configuration"
+msgstr "Configuração"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:78
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_min (integer)"
+msgstr "ldap_page_size (integer)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:81
+msgid ""
+"Specifies the lower bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:85
+msgid ""
+"NOTE: This option is different from <quote>id_mn</quote> in that "
+"<quote>id_min</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_min</"
+"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:95
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 10001"
+msgstr "Padrão: 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:100
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_max (integer)"
+msgstr "ldap_page_size (integer)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:103
+msgid ""
+"Specifies the upper bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:107
+msgid ""
+"NOTE: This option is different from <quote>id_max</quote> in that "
+"<quote>id_max</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_max</"
+"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:117
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 2000100000"
+msgstr "Padrão: 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:122
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_size (integer)"
+msgstr "ldap_page_size (integer)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:125
+msgid ""
+"Specifies the number of IDs available for each slice. If the range size "
+"does not divide evenly into the min and max values, it will create as many "
+"complete slices as it can."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:131
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 200000"
+msgstr "Padrão: 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:136
+#, fuzzy
+#| msgid "ldap_sasl_authid (string)"
+msgid "ldap_idmap_default_domain_sid (string)"
+msgstr "ldap_sasl_authid (string)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:139
+msgid ""
+"Specify the domain SID of the default domain. This will guarantee that this "
+"domain will always be assigned to slice zero in the ID map, bypassing the "
+"murmurhash algorithm described above."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:150
+#, fuzzy
+#| msgid "ipa_domain (string)"
+msgid "ldap_idmap_default_domain (string)"
+msgstr "ipa_domain (string)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:153
+msgid "Specify the name of the default domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:161
+#, fuzzy
+#| msgid "ldap_id_use_start_tls (boolean)"
+msgid "ldap_idmap_autorid_compat (boolean)"
+msgstr "ldap_id_use_start_tls (boolean)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:164
+msgid ""
+"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
+"winbind's <quote>idmap_autorid</quote> algorithm."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:169
+msgid ""
+"When this option is configured, domains will be allocated starting with "
+"slice zero and increasing monatomically with each additional domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:174
+msgid ""
+"NOTE: This algorithm is non-deterministic (it depends on the order that "
+"users and groups are requested). If this mode is required for compatibility "
+"with machines running winbind, it is recommended to also use the "
+"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
+"least one domain is consistently allocated to slice zero."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-h</option>,<option>--help</option>"
@@ -6947,3 +7605,27 @@ msgid ""
"<emphasis> This is an experimental feature, please use http://fedorahosted."
"org/sssd to report any issues. </emphasis>"
msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/local.xml:2
+msgid "THE LOCAL DOMAIN"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:4
+msgid ""
+"In order to function correctly, a domain with <quote>id_provider=local</"
+"quote> must be created and the SSSD must be running."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:9
+msgid ""
+"The administrator might want to use the SSSD local users instead of "
+"traditional UNIX users in cases where the group nesting (see <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>) is needed. The local users are also useful for testing and "
+"development of the SSSD without having to deploy a full remote server. The "
+"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
+"local LDB storage to store users and groups."
+msgstr ""
diff --git a/src/man/po/ru.po b/src/man/po/ru.po
index 346ca6e6..b0bb45e2 100644
--- a/src/man/po/ru.po
+++ b/src/man/po/ru.po
@@ -8,8 +8,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-03-12 16:37-0300\n"
-"PO-Revision-Date: 2012-03-08 11:52+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0300\n"
+"PO-Revision-Date: 2012-04-20 17:34+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Russian <trans-ru@lists.fedoraproject.org>\n"
"Language: ru\n"
@@ -114,18 +114,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:74 sssd.conf.5.xml:1585 sssd-ldap.5.xml:2177
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sssd-ipa.5.xml:581 sssd.8.xml:191 sss_obfuscate.8.xml:103
+#: sss_useradd.8.xml:169 sssd-krb5.5.xml:451 sss_groupadd.8.xml:60
+#: sss_userdel.8.xml:95 sss_groupdel.8.xml:48 sss_groupshow.8.xml:60
+#: sss_usermod.8.xml:140 sss_ssh_authorizedkeys.1.xml:96
#: sss_ssh_knownhostsproxy.1.xml:95
msgid "SEE ALSO"
msgstr "СМ. ТАКЖЕ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
+#: sss_groupmod.8.xml:76
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -224,7 +224,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1431
msgid "Section parameters"
msgstr ""
@@ -254,33 +254,35 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:88
msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
+"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
+"\"with_ssh\">, ssh</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
+#: sssd.conf.5.xml:96 sssd.conf.5.xml:288
msgid "reconnection_retries (integer)"
msgstr "попыток_соединения (целое число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
+#: sssd.conf.5.xml:99 sssd.conf.5.xml:291
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
+#: sssd.conf.5.xml:104 sssd.conf.5.xml:296
msgid "Default: 3"
msgstr "По умолчанию: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:109
msgid "domains"
msgstr "домены"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:112
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -289,19 +291,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
+#: sssd.conf.5.xml:122
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
+#: sssd.conf.5.xml:125
msgid ""
"Regular expression that describes how to parse the string containing user "
"name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
+#: sssd.conf.5.xml:129
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -309,7 +311,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
+#: sssd.conf.5.xml:134
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -317,19 +319,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:141
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
+#: sssd.conf.5.xml:148
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
+#: sssd.conf.5.xml:151
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to translate "
@@ -337,17 +339,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
+#: sssd.conf.5.xml:159
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "По умолчанию: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
+#: sssd.conf.5.xml:164
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
+#: sssd.conf.5.xml:167
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -356,7 +358,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
+#: sssd.conf.5.xml:175
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -364,45 +366,68 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
+#: sssd.conf.5.xml:181
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:185
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
+#: sssd.conf.5.xml:192
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
+#: sssd.conf.5.xml:195
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
+#: sssd.conf.5.xml:199
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
+#: sssd.conf.5.xml:205
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:212
+#, fuzzy
+#| msgid "reconnection_retries (integer)"
+msgid "force_timeout (integer)"
+msgstr "попыток_соединения (целое число)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:215
+msgid ""
+"If a service is not responding to ping checks (see the <quote>timeout</"
+"quote> option), it is first sent the SIGTERM signal that instructs it to "
+"quit gracefully. If the service does not terminate after "
+"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
+"by sending a SIGKILL signal."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:542 sssd.conf.5.xml:690
+#: sssd-ldap.5.xml:1034
+msgid "Default: 60"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:63
msgid ""
@@ -415,12 +440,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
+#: sssd.conf.5.xml:234
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
+#: sssd.conf.5.xml:236
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -429,128 +454,128 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
+#: sssd.conf.5.xml:243
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
+#: sssd.conf.5.xml:245
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
+#: sssd.conf.5.xml:249
msgid "debug_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
+#: sssd.conf.5.xml:253
msgid "debug_timestamps (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
+#: sssd.conf.5.xml:256
msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:408 sssd.conf.5.xml:793
+#: sssd-ldap.5.xml:1399 sssd-ldap.5.xml:1525 sssd-ipa.5.xml:225
+#: sssd-ipa.5.xml:260
msgid "Default: true"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
+#: sssd.conf.5.xml:264
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
+#: sssd.conf.5.xml:267
msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:270 sssd.conf.5.xml:740 sssd.conf.5.xml:1368
+#: sssd-ldap.5.xml:620 sssd-ldap.5.xml:1312 sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1468 sssd-ldap.5.xml:1874 sssd-ipa.5.xml:123
+#: sssd-ipa.5.xml:320 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
+#: sssd-krb5.5.xml:418
msgid "Default: false"
msgstr "По умолчанию: false"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "fd_limit"
+#: sssd.conf.5.xml:275
+msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:278
msgid ""
-"This option specifies the maximum number of file descriptors that may be "
-"opened at one time by this SSSD process. On systems where SSSD is granted "
-"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
-"systems without this capability, the resulting value will be the lower value "
-"of this or the limits.conf \"hard\" limit."
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:282
-msgid "Default: 8192 (or limits.conf \"hard\" limit)"
-msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:283 sssd-ldap.5.xml:1183
+msgid "Default: 10"
+msgstr "По умолчанию: 10"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:287
-msgid "command (string)"
+#: sssd.conf.5.xml:301
+msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:290
+#: sssd.conf.5.xml:304
msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>. This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298
-msgid "Default: <command>sssd_${service_name}</command>"
+#: sssd.conf.5.xml:313
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:306
+#: sssd.conf.5.xml:321
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:323
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:313
+#: sssd.conf.5.xml:328
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316
+#: sssd.conf.5.xml:331
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:335
msgid "Default: 120"
msgstr "По умолчанию: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:325
+#: sssd.conf.5.xml:340
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:328
+#: sssd.conf.5.xml:343
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -558,7 +583,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:349
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -568,7 +593,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:359
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -577,17 +602,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:352
+#: sssd.conf.5.xml:367
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:372
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:375
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -595,17 +620,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:381 sssd.conf.5.xml:768 sssd-krb5.5.xml:223
msgid "Default: 15"
msgstr "По умолчанию: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:371
+#: sssd.conf.5.xml:386
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:374
+#: sssd.conf.5.xml:389
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -614,78 +639,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:396
msgid "Default: root"
msgstr "По умолчанию: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:401
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:389
+#: sssd.conf.5.xml:404
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398
+#: sssd.conf.5.xml:413
msgid "override_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:422 sssd-krb5.5.xml:166
msgid "%u"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:167
msgid "login name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:426 sssd-krb5.5.xml:170
msgid "%U"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:412
+#: sssd.conf.5.xml:427
msgid "UID number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:430 sssd-krb5.5.xml:188
msgid "%d"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:416
+#: sssd.conf.5.xml:431
msgid "domain name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:419
+#: sssd.conf.5.xml:434
msgid "%f"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:435
msgid "fully qualified user name (user@domain)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:438 sssd-krb5.5.xml:200
msgid "%%"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:439 sssd-krb5.5.xml:201
msgid "a literal '%'"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:401
+#: sssd.conf.5.xml:416
msgid ""
"Override the user's home directory. You can either provide an absolute value "
"or a template. In the template, the following sequences are substituted: "
@@ -693,138 +718,194 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430
+#: sssd.conf.5.xml:445
msgid "This option can also be set per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:450
+msgid "fallback_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:453
+msgid ""
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:458
+msgid ""
+"The available values for this option are the same as for override_homedir."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:462
+msgid "Default: not set (no substitution for unset home directories)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:468
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:471
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:474
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:478
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:483
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:455
+#: sssd.conf.5.xml:488
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:491
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:462
+#: sssd.conf.5.xml:495
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:500
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:503
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:475
+#: sssd.conf.5.xml:508
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:511
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:515
msgid "Default: /bin/sh"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:520
+#, fuzzy
+#| msgid "Default: loginShell"
+msgid "default_shell"
+msgstr "По умолчанию: loginShell"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:523
+msgid ""
+"The default shell to use if the provider does not return one during lookup. "
+"This option supercedes any other shell options if it takes effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:528
+msgid ""
+"Default: not set (Return NULL if no shell is specified and rely on libc to "
+"substitute something sensible when necessary, usually /bin/sh)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:535 sssd.conf.5.xml:683
+msgid "get_domains_timeout (int)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:538 sssd.conf.5.xml:686
+msgid ""
+"Specifies time in seconds for which the list of subdomains will be "
+"considered valid."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:489
+#: sssd.conf.5.xml:549
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:491
+#: sssd.conf.5.xml:551
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:556
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:499
+#: sssd.conf.5.xml:559
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
+#: sssd.conf.5.xml:564 sssd.conf.5.xml:577
msgid "Default: 0 (No limit)"
msgstr "По умолчанию: 0 (неограничено)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:570
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:513
+#: sssd.conf.5.xml:573
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:523
+#: sssd.conf.5.xml:583
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:586
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:591
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -832,59 +913,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:597 sssd.conf.5.xml:650 sssd.conf.5.xml:1315
msgid "Default: 5"
msgstr "По умолчанию: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:603
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:606
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:611
msgid "Currently sssd supports the following values:"
msgstr "В настоящее время sssd поддерживает следующие значения:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:554
+#: sssd.conf.5.xml:614
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:557
+#: sssd.conf.5.xml:617
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:621
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:624
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:568 sssd.8.xml:63
+#: sssd.conf.5.xml:628 sssd.8.xml:63
msgid "Default: 1"
msgstr "По умолчанию: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:573
+#: sssd.conf.5.xml:633
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:636
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -892,7 +973,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:642
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -901,45 +982,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:656
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:659 sssd.conf.5.xml:972
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:662
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
"cannot display a warning."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:668 sssd.conf.5.xml:975
+msgid ""
+"If zero is set, then this filter is not applied, i.e. if the expiration "
+"warning was received from backend server, it will automatically be displayed."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:608
-msgid "Default: 7"
+#: sssd.conf.5.xml:673
+msgid ""
+"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
+"emphasis> for a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:678 sssd.8.xml:79
+msgid "Default: 0"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:616
+#: sssd.conf.5.xml:698
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:618
+#: sssd.conf.5.xml:700
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:707
msgid "sudo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:710
msgid ""
"For any sudo request that comes while SSSD is online, the SSSD will attempt "
"to update the cached rules in order to ensure that sudo has the latest "
@@ -947,7 +1042,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:716
msgid ""
"The user may, however, run a couple of sudo commands successively, which "
"would trigger multiple LDAP requests. In order to speed up this use-case, "
@@ -956,71 +1051,95 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:641
+#: sssd.conf.5.xml:723
msgid ""
"This option controls how long (in seconds) can the sudo service cache rules "
"for a user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:727
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:732
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:735
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:748
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:750
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:676
+#: sssd.conf.5.xml:758
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:761
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
"before asking the back end again."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:776
+#, fuzzy
+#| msgid "the configuration file for SSSD"
+msgid "SSH configuration options"
+msgstr "Файл конфигурации SSSD"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:778
+msgid "These options can be used to configure the SSH service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:786
+msgid "ssh_hash_known_hosts (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:789
+msgid ""
+"Whether or not to hash host names and adresses in the managed known_hosts "
+"file."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:803
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:810
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:706
+#: sssd.conf.5.xml:813
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:711
+#: sssd.conf.5.xml:818
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1029,56 +1148,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:825
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
-msgid ""
-"Timeout in seconds between heartbeats for this domain. This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr "По умолчанию: 10"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:738
+#: sssd.conf.5.xml:831
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:834
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:745
+#: sssd.conf.5.xml:838
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:841
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
+#: sssd.conf.5.xml:844 sssd.conf.5.xml:949 sssd.conf.5.xml:1031
msgid "Default: FALSE"
msgstr "По умолчанию: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:754
+#: sssd.conf.5.xml:847
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1088,14 +1190,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:764
+#: sssd.conf.5.xml:857
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:862
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1104,98 +1206,98 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:873
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:876
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:880
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:886
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796
+#: sssd.conf.5.xml:889
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:893 sssd.conf.5.xml:906 sssd.conf.5.xml:919
+#: sssd.conf.5.xml:932
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:899
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:902
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:819
+#: sssd.conf.5.xml:912
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:915
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:925
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:928
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:938
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:941
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:945
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:861
+#: sssd.conf.5.xml:954
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:957
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1204,47 +1306,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:964
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:969
+msgid "pwd_expiration_warning (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:980
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning. Also an auth provider has to be configured for the "
+"backend."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:987
+msgid "Default: 7 (Kerberos), 0 (LDAP)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:993
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:880
+#: sssd.conf.5.xml:996
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:1000
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:887
+#: sssd.conf.5.xml:1003
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:890
+#: sssd.conf.5.xml:1006
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:1009
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:899
+#: sssd.conf.5.xml:1015
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:1018
+msgid ""
+"Use the full name and domain (as formatted by the domain's full_name_format) "
+"as the user's login name reported to NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1023
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1253,19 +1381,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:915
+#: sssd.conf.5.xml:1036
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:918
+#: sssd.conf.5.xml:1039
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:1043
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1273,7 +1401,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:929
+#: sssd.conf.5.xml:1050
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1281,30 +1409,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:1057
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1060
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1063
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:1069
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:951
+#: sssd.conf.5.xml:1072
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1312,17 +1440,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
-msgid "<quote>permit</quote> always allow access."
+#: sssd.conf.5.xml:1078
+msgid ""
+"<quote>permit</quote> always allow access. It's the only permitted access "
+"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:960
+#: sssd.conf.5.xml:1081
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1084
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1331,24 +1461,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1091
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1096
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:978
+#: sssd.conf.5.xml:1099
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1104
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1356,7 +1486,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:991
+#: sssd.conf.5.xml:1112
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1364,7 +1494,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1120
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1372,35 +1502,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1007
+#: sssd.conf.5.xml:1128
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1011
+#: sssd.conf.5.xml:1132
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1135
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1142
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1148
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1031
+#: sssd.conf.5.xml:1152
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1408,29 +1538,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1159
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1041
+#: sssd.conf.5.xml:1162 sssd.conf.5.xml:1246 sssd.conf.5.xml:1271
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1047
+#: sssd.conf.5.xml:1168
msgid "session_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1171
msgid ""
"The provider which should handle loading of session settings. Supported "
"session providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1055
+#: sssd.conf.5.xml:1176
msgid ""
"<quote>ipa</quote> to load session settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1438,66 +1568,153 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1184
msgid "<quote>none</quote> disallows fetching session settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1187
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"session loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1193
+msgid "subdomains_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1196
+msgid ""
+"The provider which should handle fetching of subdomains. This value should "
+"be always the same as id_provider. Supported subdomain providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1201
+msgid ""
+"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1209
+msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1212 sssd-ldap.5.xml:1499
+msgid "Default: none"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1218
+msgid "autofs_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1224
+msgid ""
+"The autofs provider used for the domain. Supported autofs providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1228
+msgid ""
+"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1235
+msgid ""
+"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1243
+msgid "<quote>none</quote> disables autofs explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1253
+msgid "hostid_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1256
+msgid ""
+"The provider used for retrieving host identity information. Supported "
+"hostid providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1260
+msgid ""
+"<quote>ipa</quote> to load host identity stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1268
+msgid "<quote>none</quote> disables hostid explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1278
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1076
+#: sssd.conf.5.xml:1281
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1285
msgid "Supported values:"
msgstr "Поддерживаемые значения:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1083
+#: sssd.conf.5.xml:1288
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1291
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1294
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1092
+#: sssd.conf.5.xml:1297
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1095
+#: sssd.conf.5.xml:1300
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1306
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1104
+#: sssd.conf.5.xml:1309
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1505,51 +1722,83 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1321
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1324
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1328
msgid "Default: Use the domain part of machine's hostname"
msgstr "По умолчанию: использовать доменное имя из hostname"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1334
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1337
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1138
+#: sssd.conf.5.xml:1343
msgid "case_sensitive (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1346
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1351
msgid "Default: True"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1357
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1360
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1374
+msgid "subdomain_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1377
+msgid ""
+"Use this homedir as default value for all subdomains within this domain. See "
+"<emphasis>override_homedir</emphasis> for info about possible values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1382
+msgid ""
+"The value can be overridden by <emphasis>override_homedir</emphasis> option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:805
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1557,29 +1806,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1395
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1398
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1401
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1409
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1412
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1587,19 +1836,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1154
+#: sssd.conf.5.xml:1391
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1187
+#: sssd.conf.5.xml:1424
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1426
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1607,73 +1856,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1433
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1436
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1440
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1445
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211
+#: sssd.conf.5.xml:1448
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1453
msgid "Default: <filename>/home</filename>"
msgstr "По умолчанию: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1221
+#: sssd.conf.5.xml:1458
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1224
+#: sssd.conf.5.xml:1461
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
+#: sssd.conf.5.xml:1465 sssd.conf.5.xml:1477
msgid "Default: TRUE"
msgstr "По умолчанию: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1470
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1473
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1245
+#: sssd.conf.5.xml:1482
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1248
+#: sssd.conf.5.xml:1485
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1681,17 +1930,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1256
+#: sssd.conf.5.xml:1493
msgid "Default: 077"
msgstr "По умолчанию: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1498
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1501
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1700,17 +1949,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1274
+#: sssd.conf.5.xml:1511
msgid "Default: <filename>/etc/skel</filename>"
msgstr "По умолчанию: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1516
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1519
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1718,17 +1967,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1289
+#: sssd.conf.5.xml:1526
msgid "Default: <filename>/var/mail</filename>"
msgstr "По умолчанию: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1531
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1297
+#: sssd.conf.5.xml:1534
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1736,18 +1985,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1540
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1550 sssd-ldap.5.xml:2145 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:563 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr "ПРИМЕР"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1319
+#: sssd.conf.5.xml:1556
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1777,7 +2026,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1552
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1786,7 +2035,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1587
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1985,216 +2234,234 @@ msgstr ""
msgid ""
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
-"may vary. The way that some attributes are handled may also differ. Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
+"may vary. The way that some attributes are handled may also differ. Four "
+"schema types are currently supported: rfc2307 rfc2307bis IPA AD The main "
"difference between these schema types is how group memberships are recorded "
"in the server. With rfc2307, group members are listed by name in the "
"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
+"attribute. The AD schema type sets the attributes to correspond with Active "
+"Directory 2008r2 values."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
+#: sssd-ldap.5.xml:183
msgid "Default: rfc2307"
msgstr "По умолчанию: rfc2307"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
+#: sssd-ldap.5.xml:189
msgid "ldap_default_bind_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
+#: sssd-ldap.5.xml:192
msgid "The default bind DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
+#: sssd-ldap.5.xml:199
msgid "ldap_default_authtok_type (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
+#: sssd-ldap.5.xml:202
msgid "The type of the authentication token of the default bind DN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
+#: sssd-ldap.5.xml:206
msgid "The two mechanisms currently supported are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
+#: sssd-ldap.5.xml:209
msgid "password"
msgstr "пароль"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
+#: sssd-ldap.5.xml:212
msgid "obfuscated_password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
+#: sssd-ldap.5.xml:215
msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
+#: sssd-ldap.5.xml:221
msgid "ldap_default_authtok (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
+#: sssd-ldap.5.xml:224
msgid ""
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
+#: sssd-ldap.5.xml:231
msgid "ldap_user_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
+#: sssd-ldap.5.xml:234
msgid "The object class of a user entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
+#: sssd-ldap.5.xml:237
msgid "Default: posixAccount"
msgstr "По умолчанию: posixAccount"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
+#: sssd-ldap.5.xml:243
msgid "ldap_user_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
+#: sssd-ldap.5.xml:246
msgid "The LDAP attribute that corresponds to the user's login name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
+#: sssd-ldap.5.xml:250
msgid "Default: uid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
+#: sssd-ldap.5.xml:256
msgid "ldap_user_uid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
+#: sssd-ldap.5.xml:259
msgid "The LDAP attribute that corresponds to the user's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
+#: sssd-ldap.5.xml:263
msgid "Default: uidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
+#: sssd-ldap.5.xml:269
msgid "ldap_user_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
+#: sssd-ldap.5.xml:272
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
+#: sssd-ldap.5.xml:276 sssd-ldap.5.xml:758
msgid "Default: gidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
+#: sssd-ldap.5.xml:282
msgid "ldap_user_gecos (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
+#: sssd-ldap.5.xml:285
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
+#: sssd-ldap.5.xml:289
msgid "Default: gecos"
msgstr "По умолчанию: gecos"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
+#: sssd-ldap.5.xml:295
msgid "ldap_user_home_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
+#: sssd-ldap.5.xml:298
msgid "The LDAP attribute that contains the name of the user's home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
+#: sssd-ldap.5.xml:302
msgid "Default: homeDirectory"
msgstr "По умолчанию: homeDirectory"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
+#: sssd-ldap.5.xml:308
msgid "ldap_user_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
+#: sssd-ldap.5.xml:311
msgid "The LDAP attribute that contains the path to the user's default shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
+#: sssd-ldap.5.xml:315
msgid "Default: loginShell"
msgstr "По умолчанию: loginShell"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
+#: sssd-ldap.5.xml:321
msgid "ldap_user_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
+#: sssd-ldap.5.xml:324
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
+#: sssd-ldap.5.xml:328 sssd-ldap.5.xml:784 sssd-ldap.5.xml:911
msgid "Default: nsUniqueId"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
+#: sssd-ldap.5.xml:334
+msgid "ldap_user_objectsid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:337
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP user object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:342 sssd-ldap.5.xml:798
+msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:349
msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
+#: sssd-ldap.5.xml:352 sssd-ldap.5.xml:808 sssd-ldap.5.xml:920
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
+#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:812 sssd-ldap.5.xml:927
msgid "Default: modifyTimestamp"
msgstr "По умолчанию: modifyTimestamp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
+#: sssd-ldap.5.xml:362
msgid "ldap_user_shadow_last_change (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
+#: sssd-ldap.5.xml:365
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2203,17 +2470,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
+#: sssd-ldap.5.xml:375
msgid "Default: shadowLastChange"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
+#: sssd-ldap.5.xml:381
msgid "ldap_user_shadow_min (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
+#: sssd-ldap.5.xml:384
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2222,17 +2489,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
+#: sssd-ldap.5.xml:393
msgid "Default: shadowMin"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
+#: sssd-ldap.5.xml:399
msgid "ldap_user_shadow_max (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
+#: sssd-ldap.5.xml:402
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2241,17 +2508,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
+#: sssd-ldap.5.xml:411
msgid "Default: shadowMax"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
+#: sssd-ldap.5.xml:417
msgid "ldap_user_shadow_warning (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
+#: sssd-ldap.5.xml:420
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2260,17 +2527,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
+#: sssd-ldap.5.xml:430
msgid "Default: shadowWarning"
msgstr "По умолчанию: shadowWarning"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
+#: sssd-ldap.5.xml:436
msgid "ldap_user_shadow_inactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
+#: sssd-ldap.5.xml:439
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2279,17 +2546,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
+#: sssd-ldap.5.xml:449
msgid "Default: shadowInactive"
msgstr "По умолчанию: shadowInactive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
+#: sssd-ldap.5.xml:455
msgid "ldap_user_shadow_expire (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
+#: sssd-ldap.5.xml:458
msgid ""
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
"parameter contains the name of an LDAP attribute corresponding to its "
@@ -2298,17 +2565,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
+#: sssd-ldap.5.xml:468
msgid "Default: shadowExpire"
msgstr "По умолчанию: shadowExpire"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
+#: sssd-ldap.5.xml:474
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
+#: sssd-ldap.5.xml:477
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
@@ -2316,158 +2583,158 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
+#: sssd-ldap.5.xml:483
msgid "Default: krbLastPwdChange"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
+#: sssd-ldap.5.xml:489
msgid "ldap_user_krb_password_expiration (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
+#: sssd-ldap.5.xml:492
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
+#: sssd-ldap.5.xml:498
msgid "Default: krbPasswordExpiration"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
+#: sssd-ldap.5.xml:504
msgid "ldap_user_ad_account_expires (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
+#: sssd-ldap.5.xml:507
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
+#: sssd-ldap.5.xml:512
msgid "Default: accountExpires"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
+#: sssd-ldap.5.xml:518
msgid "ldap_user_ad_user_account_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
+#: sssd-ldap.5.xml:521
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
+#: sssd-ldap.5.xml:526
msgid "Default: userAccountControl"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
+#: sssd-ldap.5.xml:532
msgid "ldap_ns_account_lock (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
+#: sssd-ldap.5.xml:535
msgid ""
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
+#: sssd-ldap.5.xml:540
msgid "Default: nsAccountLock"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
+#: sssd-ldap.5.xml:546
msgid "ldap_user_nds_login_disabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
+#: sssd-ldap.5.xml:549
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines if "
"access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
+#: sssd-ldap.5.xml:553 sssd-ldap.5.xml:567
msgid "Default: loginDisabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
+#: sssd-ldap.5.xml:559
msgid "ldap_user_nds_login_expiration_time (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
+#: sssd-ldap.5.xml:562
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines until "
"which date access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
+#: sssd-ldap.5.xml:573
msgid "ldap_user_nds_login_allowed_time_map (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
+#: sssd-ldap.5.xml:576
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines the "
"hours of a day in a week when access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
+#: sssd-ldap.5.xml:581
msgid "Default: loginAllowedTimeMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
+#: sssd-ldap.5.xml:587
msgid "ldap_user_principal (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
+#: sssd-ldap.5.xml:590
msgid ""
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"(UPN)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
+#: sssd-ldap.5.xml:594
msgid "Default: krbPrincipalName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
+#: sssd-ldap.5.xml:600
msgid "ldap_user_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
+#: sssd-ldap.5.xml:603
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
+#: sssd-ldap.5.xml:610
msgid "ldap_force_upper_case_realm (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
+#: sssd-ldap.5.xml:613
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -2476,29 +2743,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
+#: sssd-ldap.5.xml:626
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
+#: sssd-ldap.5.xml:629
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:634 sssd-ldap.5.xml:1887
msgid "Default: 300"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
+#: sssd-ldap.5.xml:640
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
+#: sssd-ldap.5.xml:643
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -2506,54 +2773,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
+#: sssd-ldap.5.xml:649
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
+#: sssd-ldap.5.xml:653
msgid "Default: 10800 (12 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
+#: sssd-ldap.5.xml:659
msgid "ldap_user_fullname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
+#: sssd-ldap.5.xml:662
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
+#: sssd-ldap.5.xml:666 sssd-ldap.5.xml:745 sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:952 sssd-ldap.5.xml:1742 sssd-ldap.5.xml:1960
+#: sssd-ipa.5.xml:441
msgid "Default: cn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
+#: sssd-ldap.5.xml:672
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
+#: sssd-ldap.5.xml:675
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
+#: sssd-ldap.5.xml:679 sssd-ipa.5.xml:345
msgid "Default: memberOf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
+#: sssd-ldap.5.xml:685
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
+#: sssd-ldap.5.xml:688
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -2561,24 +2828,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
+#: sssd-ldap.5.xml:695
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:700
msgid "Default: authorizedService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
+#: sssd-ldap.5.xml:706
msgid "ldap_user_authorized_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
+#: sssd-ldap.5.xml:709
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -2586,89 +2853,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
+#: sssd-ldap.5.xml:715
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
+#: sssd-ldap.5.xml:720
msgid "Default: host"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:726
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
+#: sssd-ldap.5.xml:729
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
+#: sssd-ldap.5.xml:732
msgid "Default: posixGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:738
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
+#: sssd-ldap.5.xml:741
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:751
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:754
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
+#: sssd-ldap.5.xml:764
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
+#: sssd-ldap.5.xml:767
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
+#: sssd-ldap.5.xml:771
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
+#: sssd-ldap.5.xml:777
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:780
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:790
+msgid "ldap_group_objectsid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:793
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP group object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:805
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:818
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:821
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -2676,198 +2955,198 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
+#: sssd-ldap.5.xml:828
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:834
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
+#: sssd-ldap.5.xml:837
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
+#: sssd-ldap.5.xml:840
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:844
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
+#: sssd-ldap.5.xml:850
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
+#: sssd-ldap.5.xml:853
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:857
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
+#: sssd-ldap.5.xml:867
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
+#: sssd-ldap.5.xml:870
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
+#: sssd-ldap.5.xml:874
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:878
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:884
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:887
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
+#: sssd-ldap.5.xml:891 sssd-ldap.5.xml:924
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:894
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
+#: sssd-ldap.5.xml:900
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
+#: sssd-ldap.5.xml:903
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
+#: sssd-ldap.5.xml:907
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
+#: sssd-ldap.5.xml:917
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:933
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:936
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:939
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:945
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:948
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
+#: sssd-ldap.5.xml:958
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
+#: sssd-ldap.5.xml:961
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
+#: sssd-ldap.5.xml:965
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
+#: sssd-ldap.5.xml:971
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:974
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
+#: sssd-ldap.5.xml:978
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
+#: sssd-ldap.5.xml:984
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:987
msgid "An optional base DN to restrict service searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
+#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1997 sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2035 sssd-ldap.5.xml:2098 sssd-ldap.5.xml:2120
+#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 sssd-ipa.5.xml:206
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
+#: sssd-ldap.5.xml:996 sssd-ldap.5.xml:2002 sssd-ldap.5.xml:2021
+#: sssd-ldap.5.xml:2040 sssd-ldap.5.xml:2103 sssd-ldap.5.xml:2125
#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
+#: sssd-ldap.5.xml:1003
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1006
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2875,7 +3154,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
+#: sssd-ldap.5.xml:1012
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2883,35 +3162,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
+#: sssd-ldap.5.xml:1018 sssd-ldap.5.xml:1060 sssd-ldap.5.xml:1075
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1024
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1027
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
"are returned (and offline mode is entered)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1040
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1043
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2922,12 +3196,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
+#: sssd-ldap.5.xml:1066
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
+#: sssd-ldap.5.xml:1069
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2935,12 +3209,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1081
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1084
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -2949,34 +3223,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
+#: sssd-ldap.5.xml:1092
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1098
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
+#: sssd-ldap.5.xml:1101
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1106
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
+#: sssd-ldap.5.xml:1112
+msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1115
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -2984,27 +3258,50 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
+#: sssd-ldap.5.xml:1121
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1127
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
"requests being denied."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133 include/ldap_id_mapping.xml:184
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1139
+msgid "ldap_sasl_minssf (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1142
+msgid ""
+"When communicating with an LDAP server using SASL, specify the minimum "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1148
+msgid "Default: Use the system default (usually specified by ldap.conf)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1155
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1158
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3012,13 +3309,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1164
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1168
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3027,7 +3324,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
+#: sssd-ldap.5.xml:1176
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3035,26 +3332,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1189
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
+#: sssd-ldap.5.xml:1192
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1198
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
+#: sssd-ldap.5.xml:1202
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3062,7 +3359,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1209
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3070,7 +3367,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1215
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3078,41 +3375,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1221
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1225
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
+#: sssd-ldap.5.xml:1231
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
+#: sssd-ldap.5.xml:1234
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
+#: sssd-ldap.5.xml:1239 sssd-ldap.5.xml:1257 sssd-ldap.5.xml:1298
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1246
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1249
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3121,38 +3418,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1264
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1267
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1271 sssd-ldap.5.xml:1283 sssd-ldap.5.xml:1344
+#: sssd-ldap.5.xml:2058 sssd-ldap.5.xml:2085 sssd-krb5.5.xml:359
+#: include/ldap_id_mapping.xml:145 include/ldap_id_mapping.xml:156
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1277
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1280
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
+#: sssd-ldap.5.xml:1289
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
+#: sssd-ldap.5.xml:1292
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3160,90 +3458,103 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1305
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1308
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
+#: sssd-ldap.5.xml:1318
+msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1321
msgid ""
-"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
-"supported."
+"Specifies that SSSD should attempt to map user and group IDs from the "
+"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
+"on ldap_user_uid_number and ldap_group_gid_number."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
+#: sssd-ldap.5.xml:1327
+msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1337
+msgid "ldap_sasl_mech (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1340
+msgid ""
+"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
+"supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1350
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
+#: sssd-ldap.5.xml:1353
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
+#: sssd-ldap.5.xml:1358
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1364
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
+#: sssd-ldap.5.xml:1367
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
+#: sssd-ldap.5.xml:1372
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1378
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
+#: sssd-ldap.5.xml:1381
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1384
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
+#: sssd-ldap.5.xml:1390
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
+#: sssd-ldap.5.xml:1393
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3251,27 +3562,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1405
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1408
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
+#: sssd-ldap.5.xml:1412
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1418 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1421 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -3283,7 +3594,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1433 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -3291,7 +3602,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1438 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -3299,53 +3610,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1447 sssd-ipa.5.xml:235 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1450
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
+#: sssd-ldap.5.xml:1453
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1459 sssd-ipa.5.xml:250 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1462
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
+#: sssd-ldap.5.xml:1474
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
+#: sssd-ldap.5.xml:1477
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1482
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
+#: sssd-ldap.5.xml:1487
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -3353,7 +3664,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
+#: sssd-ldap.5.xml:1493
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -3361,76 +3672,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1505
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1508
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
+#: sssd-ldap.5.xml:1512
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1517
+msgid ""
+"Chasing referrals may incur a performance penalty in environments that use "
+"them heavily, a notable example is Microsoft Active Directory. If your setup "
+"does not in fact require the use of referrals, setting this option to false "
+"might bring a noticeable performance improvement."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1531
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1534
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1538
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1544
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
+#: sssd-ldap.5.xml:1547
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1552
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
+#: sssd-ldap.5.xml:1558
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1561
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
+"it will result in all users being denied access. Use access_provider = "
+"permit to change this default behavior."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:1571 sssd-ldap.5.xml:2061
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
+#: sssd-ldap.5.xml:1574
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3439,14 +3759,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1578
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
+#: sssd-ldap.5.xml:1583
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3455,24 +3775,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1591 sssd-ldap.5.xml:1641
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1597
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1600
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1604
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3480,19 +3800,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1611
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1614
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1619
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3501,7 +3821,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1626
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3509,7 +3829,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
+#: sssd-ldap.5.xml:1632
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3518,89 +3838,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
+#: sssd-ldap.5.xml:1647
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
+#: sssd-ldap.5.xml:1650
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1654
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1657
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1661
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
+#: sssd-ldap.5.xml:1666
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1670
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1673
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1680
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
+#: sssd-ldap.5.xml:1683
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1688
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1692
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1697
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1702
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1707
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3617,212 +3937,212 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1718
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1723
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
+#: sssd-ldap.5.xml:1726
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1729
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1735
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1738
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1748
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1751
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
+#: sssd-ldap.5.xml:1755
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
+#: sssd-ldap.5.xml:1761
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
+#: sssd-ldap.5.xml:1764
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
+#: sssd-ldap.5.xml:1769
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1775
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
+#: sssd-ldap.5.xml:1778
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
+#: sssd-ldap.5.xml:1782
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1788
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
+#: sssd-ldap.5.xml:1791
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
+#: sssd-ldap.5.xml:1795
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
+#: sssd-ldap.5.xml:1801
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1804
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
+#: sssd-ldap.5.xml:1808
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
+#: sssd-ldap.5.xml:1814
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
+#: sssd-ldap.5.xml:1817
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
+#: sssd-ldap.5.xml:1821
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
+#: sssd-ldap.5.xml:1827
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
+#: sssd-ldap.5.xml:1830
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1834
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
+#: sssd-ldap.5.xml:1840
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
+#: sssd-ldap.5.xml:1843
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1848
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1854
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1857
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
+#: sssd-ldap.5.xml:1861
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1867
msgid "ldap_sudo_refresh_enabled (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1870
msgid ""
"Enables periodical download of all sudo rules. The cache is purged before "
"each update."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1880
msgid "ldap_sudo_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
+#: sssd-ldap.5.xml:1883
msgid ""
"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1721
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1894
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -3831,76 +4151,76 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1904
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
+#: sssd-ldap.5.xml:1906
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1913
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1916 sssd-ldap.5.xml:1942
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1919 sssd-ldap.5.xml:1946
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
+#: sssd-ldap.5.xml:1926
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
+#: sssd-ldap.5.xml:1929
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
+#: sssd-ldap.5.xml:1932
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1939
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1953
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
+#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:1970
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1967
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1974
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1911
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -3909,62 +4229,62 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
+#: sssd-ldap.5.xml:1983
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
+#: sssd-ldap.5.xml:1990
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
+#: sssd-ldap.5.xml:1993
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:2009
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
+#: sssd-ldap.5.xml:2012
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
+#: sssd-ldap.5.xml:2028
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:2031
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:2047
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
+#: sssd-ldap.5.xml:2050
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
+#: sssd-ldap.5.xml:2054
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2064
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3972,55 +4292,55 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
+#: sssd-ldap.5.xml:2067
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2074
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
+#: sssd-ldap.5.xml:2077
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2081
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2091
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2094
msgid ""
"An optional base DN to restrict sudo rules searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
+#: sssd-ldap.5.xml:2113
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
+#: sssd-ldap.5.xml:2116
msgid ""
"An optional base DN to restrict automounter searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1985
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4028,7 +4348,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2147
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4036,7 +4356,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
+#: sssd-ldap.5.xml:2153
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4049,19 +4369,19 @@ msgid ""
" enumerate = true\n"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
+#. type: Content of: <refsect1><refsect2><para>
+#: sssd-ldap.5.xml:2152 sssd-simple.5.xml:134 sssd-ipa.5.xml:571
+#: sssd-krb5.5.xml:441 include/ldap_id_mapping.xml:63
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:2166 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
+#: sssd-ldap.5.xml:2168
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4070,7 +4390,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
+#: sssd-ldap.5.xml:2179
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -4592,40 +4912,55 @@ msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:199
+msgid "ipa_subdomains_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:202
+msgid "Optional. Use the given string as search base for trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:218 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:221 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
+#: sssd-ipa.5.xml:228
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
+#: sssd-ipa.5.xml:238
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:242
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
+#: sssd-ipa.5.xml:253
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -4633,12 +4968,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
+#: sssd-ipa.5.xml:266
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
+#: sssd-ipa.5.xml:269
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -4646,17 +4981,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
+#: sssd-ipa.5.xml:276
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
+#: sssd-ipa.5.xml:281
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
+#: sssd-ipa.5.xml:284
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -4665,313 +5000,313 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
+#: sssd-ipa.5.xml:293
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
+#: sssd-ipa.5.xml:298
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
+#: sssd-ipa.5.xml:303
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
+#: sssd-ipa.5.xml:308
msgid "ipa_hbac_support_srchost (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:311
msgid ""
"If this is set to false, then srchost as given to SSSD by PAM will be "
"ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
+#: sssd-ipa.5.xml:315
msgid ""
"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
+#: sssd-ipa.5.xml:326
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
+#: sssd-ipa.5.xml:329
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
+#: sssd-ipa.5.xml:332
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:338
msgid "ipa_netgroup_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
+#: sssd-ipa.5.xml:341
msgid "The LDAP attribute that lists netgroup's memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
+#: sssd-ipa.5.xml:350
msgid "ipa_netgroup_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
+#: sssd-ipa.5.xml:353
msgid ""
"The LDAP attribute that lists system users and groups that are direct "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:358 sssd-ipa.5.xml:453
msgid "Default: memberUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
+#: sssd-ipa.5.xml:363
msgid "ipa_netgroup_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:366
msgid ""
"The LDAP attribute that lists hosts and host groups that are direct members "
"of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:370 sssd-ipa.5.xml:465
msgid "Default: memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:375
msgid "ipa_netgroup_member_ext_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
+#: sssd-ipa.5.xml:378
msgid ""
"The LDAP attribute that lists FQDNs of hosts and host groups that are "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
+#: sssd-ipa.5.xml:382
msgid "Default: externalHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
+#: sssd-ipa.5.xml:387
msgid "ipa_netgroup_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:390
msgid "The LDAP attribute that contains NIS domain name of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
+#: sssd-ipa.5.xml:394
msgid "Default: nisDomainName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
+#: sssd-ipa.5.xml:400
msgid "ipa_host_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
+#: sssd-ipa.5.xml:403 sssd-ipa.5.xml:426
msgid "The object class of a host entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
+#: sssd-ipa.5.xml:406 sssd-ipa.5.xml:429
msgid "Default: ipaHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:411
msgid "ipa_host_fqdn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
+#: sssd-ipa.5.xml:414
msgid "The LDAP attribute that contains FQDN of the host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
+#: sssd-ipa.5.xml:417
msgid "Default: fqdn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
+#: sssd-ipa.5.xml:423
msgid "ipa_selinux_usermap_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
+#: sssd-ipa.5.xml:434
msgid "ipa_selinux_usermap_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:437
msgid "The LDAP attribute that contains the name of SELinux usermap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:446
msgid "ipa_selinux_usermap_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
+#: sssd-ipa.5.xml:449
msgid ""
"The LDAP attribute that contains all users / groups this rule match against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
+#: sssd-ipa.5.xml:458
msgid "ipa_selinux_usermap_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
+#: sssd-ipa.5.xml:461
msgid ""
"The LDAP attribute that contains all hosts / hostgroups this rule match "
"against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:470
msgid "ipa_selinux_usermap_see_also (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:473
msgid ""
"The LDAP attribute that contains DN of HBAC rule which can be used for "
"matching instead of memberUser and memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
+#: sssd-ipa.5.xml:478
msgid "Default: seeAlso"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
+#: sssd-ipa.5.xml:483
msgid "ipa_selinux_usermap_selinux_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:486
msgid "The LDAP attribute that contains SELinux user string itself."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:490
msgid "Default: ipaSELinuxUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
+#: sssd-ipa.5.xml:495
msgid "ipa_selinux_usermap_enabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
+#: sssd-ipa.5.xml:498
msgid ""
"The LDAP attribute that contains whether or not is user map enabled for "
"usage."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:502
msgid "Default: ipaEnabledFlag"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
+#: sssd-ipa.5.xml:507
msgid "ipa_selinux_usermap_user_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:510
msgid "The LDAP attribute that contains user category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
+#: sssd-ipa.5.xml:514
msgid "Default: userCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:519
msgid "ipa_selinux_usermap_host_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:522
msgid "The LDAP attribute that contains host category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
+#: sssd-ipa.5.xml:526
msgid "Default: hostCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:531
msgid "ipa_selinux_usermap_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
+#: sssd-ipa.5.xml:534
msgid "The LDAP attribute that contains unique ID of the user map."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
+#: sssd-ipa.5.xml:538
msgid "Default: ipaUniqueID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
+#: sssd-ipa.5.xml:543
msgid "ipa_host_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
+#: sssd-ipa.5.xml:546
msgid "The LDAP attribute that contains the host's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:550
msgid "Default: ipaSshPubKey"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:565
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -4979,7 +5314,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:572
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -4989,7 +5324,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
+#: sssd-ipa.5.xml:583
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -5066,11 +5401,6 @@ msgstr ""
msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:85
msgid "<option>-f</option>,<option>--debug-to-files</option>"
@@ -5451,7 +5781,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
+#: sss_useradd.8.xml:171
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -5925,7 +6255,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
+#: sss_groupadd.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6010,7 +6340,7 @@ msgid "Before actually deleting the user, terminate all his processes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
+#: sss_userdel.8.xml:97
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6049,7 +6379,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
+#: sss_groupdel.8.xml:50
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6102,7 +6432,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
+#: sss_groupshow.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6191,7 +6521,7 @@ msgid "The SELinux user for the user's login."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
+#: sss_usermod.8.xml:142
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6302,12 +6632,60 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:108
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-s</option>,<option>--service</option> <replaceable>service</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:113
+msgid "Invalidate specific service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:119
+msgid "<option>-S</option>,<option>--services</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:123
+msgid ""
+"Invalidate all service records. This option overrides invalidation of "
+"specific service if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:130
+msgid ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:135
+msgid "Invalidate specific autofs maps."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:141
+msgid "<option>-A</option>,<option>--autofs-maps</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:145
+msgid ""
+"Invalidate all autofs maps. This option overrides invalidation of specific "
+"map if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:152
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:157
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -6532,7 +6910,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
msgid "Configuration"
msgstr ""
@@ -6648,6 +7026,237 @@ msgid ""
"offline mode, and then attempts to reconnect every 30 seconds."
msgstr ""
+#. type: Content of: <refsect1><title>
+#: include/ldap_id_mapping.xml:2
+msgid "ID MAPPING"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:4
+msgid ""
+"The ID-mapping feature allows SSSD to act as a client of Active Directory "
+"without requiring administrators to extend user attributes to support POSIX "
+"attributes for user and group identifiers."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:9
+msgid ""
+"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
+"ignored. This is to avoid the possibility of conflicts between automatically-"
+"assigned and manually-assigned values. If you need to use manually-assigned "
+"values, ALL values must be manually-assigned."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:17
+msgid "Mapping Algorithm"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:19
+msgid ""
+"Active Directory provides an objectSID for every user and group object in "
+"the directory. This objectSID can be broken up into components that "
+"represent the Active Directory domain identity and the relative identifier "
+"(RID) of the user or group object."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:25
+msgid ""
+"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
+"into equally-sized component sections - called \"slices\"-. Each slice "
+"represents the space available to an Active Directory domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:31
+msgid ""
+"When a user or group entry for a particular domain is encountered for the "
+"first time, the SSSD allocates one of the available slices for that domain. "
+"In order to make this slice-assignment repeatable on different client "
+"machines, we select the slice based on the following algorithm:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:38
+msgid ""
+"The SID string is passed through the murmurhash3 algorithm to convert it to "
+"a 32-bit hashed value. We then take the modulus of this value with the total "
+"number of available slices to pick the slice."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:44
+msgid ""
+"NOTE: It is possible to encounter collisions in the hash and subsequent "
+"modulus. In these situations, we will select the next available slice, but "
+"it may not be possible to reproduce the same exact set of slices on other "
+"machines (since the order that they are encountered will determine their "
+"slice). In this situation, it is recommended to either switch to using "
+"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
+"configure a default domain to guarantee that at least one is always "
+"consistent. See <quote>Configuration</quote> for details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:59
+msgid ""
+"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><programlisting>
+#: include/ldap_id_mapping.xml:64
+#, no-wrap
+msgid ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:69
+msgid ""
+"The default configuration results in configuring 10,000 slices, each capable "
+"of holding up to 200,000 IDs, starting from 10,001 and going up to "
+"2,000,100,000. This should be sufficient for most deployments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><title>
+#: include/ldap_id_mapping.xml:75
+msgid "Advanced Configuration"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:78
+msgid "ldap_idmap_range_min (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:81
+msgid ""
+"Specifies the lower bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:85
+msgid ""
+"NOTE: This option is different from <quote>id_mn</quote> in that "
+"<quote>id_min</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_min</"
+"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:95
+#, fuzzy
+#| msgid "Default: 10"
+msgid "Default: 10001"
+msgstr "По умолчанию: 10"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:100
+msgid "ldap_idmap_range_max (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:103
+msgid ""
+"Specifies the upper bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:107
+msgid ""
+"NOTE: This option is different from <quote>id_max</quote> in that "
+"<quote>id_max</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_max</"
+"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:117
+#, fuzzy
+#| msgid "Default: 10"
+msgid "Default: 2000100000"
+msgstr "По умолчанию: 10"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:122
+msgid "ldap_idmap_range_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:125
+msgid ""
+"Specifies the number of IDs available for each slice. If the range size "
+"does not divide evenly into the min and max values, it will create as many "
+"complete slices as it can."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:131
+#, fuzzy
+#| msgid "Default: 120"
+msgid "Default: 200000"
+msgstr "По умолчанию: 120"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:136
+msgid "ldap_idmap_default_domain_sid (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:139
+msgid ""
+"Specify the domain SID of the default domain. This will guarantee that this "
+"domain will always be assigned to slice zero in the ID map, bypassing the "
+"murmurhash algorithm described above."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:150
+msgid "ldap_idmap_default_domain (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:153
+msgid "Specify the name of the default domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:161
+msgid "ldap_idmap_autorid_compat (boolean)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:164
+msgid ""
+"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
+"winbind's <quote>idmap_autorid</quote> algorithm."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:169
+msgid ""
+"When this option is configured, domains will be allocated starting with "
+"slice zero and increasing monatomically with each additional domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:174
+msgid ""
+"NOTE: This algorithm is non-deterministic (it depends on the order that "
+"users and groups are requested). If this mode is required for compatibility "
+"with machines running winbind, it is recommended to also use the "
+"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
+"least one domain is consistently allocated to slice zero."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-h</option>,<option>--help</option>"
@@ -6767,3 +7376,27 @@ msgid ""
"<emphasis> This is an experimental feature, please use http://fedorahosted."
"org/sssd to report any issues. </emphasis>"
msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/local.xml:2
+msgid "THE LOCAL DOMAIN"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:4
+msgid ""
+"In order to function correctly, a domain with <quote>id_provider=local</"
+"quote> must be created and the SSSD must be running."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:9
+msgid ""
+"The administrator might want to use the SSSD local users instead of "
+"traditional UNIX users in cases where the group nesting (see <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>) is needed. The local users are also useful for testing and "
+"development of the SSSD without having to deploy a full remote server. The "
+"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
+"local LDB storage to store users and groups."
+msgstr ""
diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot
index d2092482..c478138e 100644
--- a/src/man/po/sssd-docs.pot
+++ b/src/man/po/sssd-docs.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: sssd-docs 1.8.90\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-03-12 16:37-0300\n"
+"POT-Creation-Date: 2012-05-11 14:59-0300\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -93,12 +93,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096 pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103 sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58 sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58 sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:95
+#: sss_groupmod.8.xml:74 sssd.conf.5.xml:1585 sssd-ldap.5.xml:2177 pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143 sssd-ipa.5.xml:581 sssd.8.xml:191 sss_obfuscate.8.xml:103 sss_useradd.8.xml:169 sssd-krb5.5.xml:451 sss_groupadd.8.xml:60 sss_userdel.8.xml:95 sss_groupdel.8.xml:48 sss_groupshow.8.xml:60 sss_usermod.8.xml:140 sss_ssh_authorizedkeys.1.xml:96 sss_ssh_knownhostsproxy.1.xml:95
msgid "SEE ALSO"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
+#: sss_groupmod.8.xml:76
msgid ""
"<citerefentry> "
"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
@@ -200,7 +200,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1431
msgid "Section parameters"
msgstr ""
@@ -228,33 +228,36 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:88
-msgid "Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
+msgid ""
+"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase "
+"condition=\"with_ssh\">, ssh</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
+#: sssd.conf.5.xml:96 sssd.conf.5.xml:288
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
+#: sssd.conf.5.xml:99 sssd.conf.5.xml:291
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
+#: sssd.conf.5.xml:104 sssd.conf.5.xml:296
msgid "Default: 3"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:109
msgid "domains"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:112
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -263,19 +266,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
+#: sssd.conf.5.xml:122
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
+#: sssd.conf.5.xml:125
msgid ""
"Regular expression that describes how to parse the string containing user "
"name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
+#: sssd.conf.5.xml:129
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -283,7 +286,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
+#: sssd.conf.5.xml:134
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -291,19 +294,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:141
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax "
"(?P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
+#: sssd.conf.5.xml:148
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
+#: sssd.conf.5.xml:151
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> "
"<manvolnum>3</manvolnum> </citerefentry>-compatible format that describes "
@@ -311,17 +314,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
+#: sssd.conf.5.xml:159
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
+#: sssd.conf.5.xml:164
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
+#: sssd.conf.5.xml:167
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -330,7 +333,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
+#: sssd.conf.5.xml:175
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -338,45 +341,65 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
+#: sssd.conf.5.xml:181
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:185
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
+#: sssd.conf.5.xml:192
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
+#: sssd.conf.5.xml:195
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
+#: sssd.conf.5.xml:199
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
+#: sssd.conf.5.xml:205
msgid ""
"Default: Distribution-specific and specified at "
"build-time. (__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:212
+msgid "force_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:215
+msgid ""
+"If a service is not responding to ping checks (see the "
+"<quote>timeout</quote> option), it is first sent the SIGTERM signal that "
+"instructs it to quit gracefully. If the service does not terminate after "
+"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
+"by sending a SIGKILL signal."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:542 sssd.conf.5.xml:690 sssd-ldap.5.xml:1034
+msgid "Default: 60"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:63
msgid ""
@@ -389,12 +412,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
+#: sssd.conf.5.xml:234
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
+#: sssd.conf.5.xml:236
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -403,125 +426,123 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
+#: sssd.conf.5.xml:243
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
+#: sssd.conf.5.xml:245
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
+#: sssd.conf.5.xml:249
msgid "debug_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
+#: sssd.conf.5.xml:253
msgid "debug_timestamps (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
+#: sssd.conf.5.xml:256
msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328 sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:408 sssd.conf.5.xml:793 sssd-ldap.5.xml:1399 sssd-ldap.5.xml:1525 sssd-ipa.5.xml:225 sssd-ipa.5.xml:260
msgid "Default: true"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
+#: sssd.conf.5.xml:264
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
+#: sssd.conf.5.xml:267
msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602 sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795 sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:270 sssd.conf.5.xml:740 sssd.conf.5.xml:1368 sssd-ldap.5.xml:620 sssd-ldap.5.xml:1312 sssd-ldap.5.xml:1331 sssd-ldap.5.xml:1468 sssd-ldap.5.xml:1874 sssd-ipa.5.xml:123 sssd-ipa.5.xml:320 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
msgid "Default: false"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "fd_limit"
+#: sssd.conf.5.xml:275
+msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:278
msgid ""
-"This option specifies the maximum number of file descriptors that may be "
-"opened at one time by this SSSD process. On systems where SSSD is granted "
-"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
-"systems without this capability, the resulting value will be the lower value "
-"of this or the limits.conf \"hard\" limit."
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:282
-msgid "Default: 8192 (or limits.conf \"hard\" limit)"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:283 sssd-ldap.5.xml:1183
+msgid "Default: 10"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:287
-msgid "command (string)"
+#: sssd.conf.5.xml:301
+msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:290
+#: sssd.conf.5.xml:304
msgid ""
-"By default, the executable representing this service is called "
-"<command>sssd_${service_name}</command>. This directive allows to change "
-"the executable name for the service. In the vast majority of configurations, "
-"the default values should suffice."
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298
-msgid "Default: <command>sssd_${service_name}</command>"
+#: sssd.conf.5.xml:313
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:306
+#: sssd.conf.5.xml:321
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:323
msgid ""
"These options can be used to configure the Name Service Switch (NSS) "
"service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:313
+#: sssd.conf.5.xml:328
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316
+#: sssd.conf.5.xml:331
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:335
msgid "Default: 120"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:325
+#: sssd.conf.5.xml:340
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:328
+#: sssd.conf.5.xml:343
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -529,7 +550,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:349
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -539,7 +560,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:359
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -548,17 +569,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:352
+#: sssd.conf.5.xml:367
msgid "Default: 50"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:372
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:375
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -566,17 +587,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:381 sssd.conf.5.xml:768 sssd-krb5.5.xml:223
msgid "Default: 15"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:371
+#: sssd.conf.5.xml:386
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:374
+#: sssd.conf.5.xml:389
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set "
@@ -585,77 +606,77 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:396
msgid "Default: root"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:401
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:389
+#: sssd.conf.5.xml:404
msgid "If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398
+#: sssd.conf.5.xml:413
msgid "override_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:422 sssd-krb5.5.xml:166
msgid "%u"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:167
msgid "login name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:426 sssd-krb5.5.xml:170
msgid "%U"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:412
+#: sssd.conf.5.xml:427
msgid "UID number"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:430 sssd-krb5.5.xml:188
msgid "%d"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:416
+#: sssd.conf.5.xml:431
msgid "domain name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:419
+#: sssd.conf.5.xml:434
msgid "%f"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:435
msgid "fully qualified user name (user@domain)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:438 sssd-krb5.5.xml:200
msgid "%%"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:439 sssd-krb5.5.xml:201
msgid "a literal '%'"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:401
+#: sssd.conf.5.xml:416
msgid ""
"Override the user's home directory. You can either provide an absolute value "
"or a template. In the template, the following sequences are substituted: "
@@ -663,138 +684,191 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430
+#: sssd.conf.5.xml:445
msgid "This option can also be set per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:450
+msgid "fallback_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:453
+msgid ""
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:458
+msgid "The available values for this option are the same as for override_homedir."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:462
+msgid "Default: not set (no substitution for unset home directories)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:468
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:471
msgid "Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:474
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:478
msgid ""
"2. If the shell is in the allowed_shells list but not in "
"<quote>/etc/shells</quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:483
msgid ""
"3. If the shell is not in the allowed_shells list and not in "
"<quote>/etc/shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:455
+#: sssd.conf.5.xml:488
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:491
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:462
+#: sssd.conf.5.xml:495
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:500
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:503
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:475
+#: sssd.conf.5.xml:508
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:511
msgid ""
"The default shell to use if an allowed shell is not installed on the "
"machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:515
msgid "Default: /bin/sh"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:520
+msgid "default_shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:523
+msgid ""
+"The default shell to use if the provider does not return one during "
+"lookup. This option supercedes any other shell options if it takes effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:528
+msgid ""
+"Default: not set (Return NULL if no shell is specified and rely on libc to "
+"substitute something sensible when necessary, usually /bin/sh)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:535 sssd.conf.5.xml:683
+msgid "get_domains_timeout (int)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:538 sssd.conf.5.xml:686
+msgid ""
+"Specifies time in seconds for which the list of subdomains will be "
+"considered valid."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:489
+#: sssd.conf.5.xml:549
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:491
+#: sssd.conf.5.xml:551
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:556
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:499
+#: sssd.conf.5.xml:559
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
+#: sssd.conf.5.xml:564 sssd.conf.5.xml:577
msgid "Default: 0 (No limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:570
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:513
+#: sssd.conf.5.xml:573
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:523
+#: sssd.conf.5.xml:583
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:586
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:591
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -802,59 +876,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:597 sssd.conf.5.xml:650 sssd.conf.5.xml:1315
msgid "Default: 5"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:603
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:606
msgid ""
"Controls what kind of messages are shown to the user during "
"authentication. The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:611
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:554
+#: sssd.conf.5.xml:614
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:557
+#: sssd.conf.5.xml:617
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:621
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:624
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:568 sssd.8.xml:63
+#: sssd.conf.5.xml:628 sssd.8.xml:63
msgid "Default: 1"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:573
+#: sssd.conf.5.xml:633
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:636
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -862,7 +936,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:642
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a "
@@ -872,45 +946,60 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:656
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:659 sssd.conf.5.xml:972
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:662
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
"cannot display a warning."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:668 sssd.conf.5.xml:975
+msgid ""
+"If zero is set, then this filter is not applied, i.e. if the expiration "
+"warning was received from backend server, it will automatically be "
+"displayed."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:608
-msgid "Default: 7"
+#: sssd.conf.5.xml:673
+msgid ""
+"This setting can be overridden by setting "
+"<emphasis>pwd_expiration_warning</emphasis> for a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:678 sssd.8.xml:79
+msgid "Default: 0"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:616
+#: sssd.conf.5.xml:698
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:618
+#: sssd.conf.5.xml:700
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:707
msgid "sudo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:710
msgid ""
"For any sudo request that comes while SSSD is online, the SSSD will attempt "
"to update the cached rules in order to ensure that sudo has the latest "
@@ -918,7 +1007,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:716
msgid ""
"The user may, however, run a couple of sudo commands successively, which "
"would trigger multiple LDAP requests. In order to speed up this use-case, "
@@ -927,71 +1016,93 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:641
+#: sssd.conf.5.xml:723
msgid ""
"This option controls how long (in seconds) can the sudo service cache rules "
"for a user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:727
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:732
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:735
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:748
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:750
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:676
+#: sssd.conf.5.xml:758
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:761
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
"before asking the back end again."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:776
+msgid "SSH configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:778
+msgid "These options can be used to configure the SSH service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:786
+msgid "ssh_hash_known_hosts (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:789
+msgid ""
+"Whether or not to hash host names and adresses in the managed known_hosts "
+"file."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:803
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:810
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:706
+#: sssd.conf.5.xml:813
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:711
+#: sssd.conf.5.xml:818
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For "
@@ -1000,56 +1111,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:825
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
-msgid ""
-"Timeout in seconds between heartbeats for this domain. This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:738
+#: sssd.conf.5.xml:831
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:834
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:745
+#: sssd.conf.5.xml:838
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:841
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
+#: sssd.conf.5.xml:844 sssd.conf.5.xml:949 sssd.conf.5.xml:1031
msgid "Default: FALSE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:754
+#: sssd.conf.5.xml:847
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1059,14 +1153,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:764
+#: sssd.conf.5.xml:857
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:862
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1075,97 +1169,97 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:873
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:876
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:880
msgid "Default: 5400"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:886
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796
+#: sssd.conf.5.xml:889
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826 sssd.conf.5.xml:839
+#: sssd.conf.5.xml:893 sssd.conf.5.xml:906 sssd.conf.5.xml:919 sssd.conf.5.xml:932
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:899
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:902
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:819
+#: sssd.conf.5.xml:912
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:915
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:925
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:928
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:938
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:941
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:945
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:861
+#: sssd.conf.5.xml:954
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:957
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1174,47 +1268,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:964
msgid "Default: 0 (unlimited)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:969
+msgid "pwd_expiration_warning (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:980
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning. Also an auth provider has to be configured for the "
+"backend."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:987
+msgid "Default: 7 (Kerberos), 0 (LDAP)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:993
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:880
+#: sssd.conf.5.xml:996
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:1000
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:887
+#: sssd.conf.5.xml:1003
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:890
+#: sssd.conf.5.xml:1006
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:1009
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:899
+#: sssd.conf.5.xml:1015
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:1018
+msgid ""
+"Use the full name and domain (as formatted by the domain's full_name_format) "
+"as the user's login name reported to NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1023
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified "
"names. For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1223,19 +1343,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:915
+#: sssd.conf.5.xml:1036
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:918
+#: sssd.conf.5.xml:1039
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:1043
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1243,7 +1363,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:929
+#: sssd.conf.5.xml:1050
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1251,29 +1371,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:1057
msgid "<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1060
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1063
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:1069
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:951
+#: sssd.conf.5.xml:1072
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1281,17 +1401,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
-msgid "<quote>permit</quote> always allow access."
+#: sssd.conf.5.xml:1078
+msgid ""
+"<quote>permit</quote> always allow access. It's the only permitted access "
+"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:960
+#: sssd.conf.5.xml:1081
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1084
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> "
@@ -1300,24 +1422,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1091
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1096
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:978
+#: sssd.conf.5.xml:1099
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1104
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1326,7 +1448,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:991
+#: sssd.conf.5.xml:1112
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
@@ -1335,7 +1457,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1120
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1343,34 +1465,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1007
+#: sssd.conf.5.xml:1128
msgid "<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1011
+#: sssd.conf.5.xml:1132
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1135
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1142
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1148
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1031
+#: sssd.conf.5.xml:1152
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
@@ -1378,29 +1500,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1159
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1041
+#: sssd.conf.5.xml:1162 sssd.conf.5.xml:1246 sssd.conf.5.xml:1271
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1047
+#: sssd.conf.5.xml:1168
msgid "session_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1171
msgid ""
"The provider which should handle loading of session settings. Supported "
"session providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1055
+#: sssd.conf.5.xml:1176
msgid ""
"<quote>ipa</quote> to load session settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
@@ -1409,66 +1531,154 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1184
msgid "<quote>none</quote> disallows fetching session settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1187
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"session loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1193
+msgid "subdomains_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1196
+msgid ""
+"The provider which should handle fetching of subdomains. This value should "
+"be always the same as id_provider. Supported subdomain providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1201
+msgid ""
+"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
+"IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1209
+msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1212 sssd-ldap.5.xml:1499
+msgid "Default: none"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1218
+msgid "autofs_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1224
+msgid "The autofs provider used for the domain. Supported autofs providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1228
+msgid ""
+"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1235
+msgid ""
+"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1243
+msgid "<quote>none</quote> disables autofs explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1253
+msgid "hostid_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1256
+msgid ""
+"The provider used for retrieving host identity information. Supported "
+"hostid providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1260
+msgid ""
+"<quote>ipa</quote> to load host identity stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
+"IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1268
+msgid "<quote>none</quote> disables hostid explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1278
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1076
+#: sssd.conf.5.xml:1281
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1285
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1083
+#: sssd.conf.5.xml:1288
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1291
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1294
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1092
+#: sssd.conf.5.xml:1297
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1095
+#: sssd.conf.5.xml:1300
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1306
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1104
+#: sssd.conf.5.xml:1309
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1476,51 +1686,82 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1321
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1324
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1328
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1334
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1337
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1138
+#: sssd.conf.5.xml:1343
msgid "case_sensitive (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1346
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1351
msgid "Default: True"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1357
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1360
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1374
+msgid "subdomain_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1377
+msgid ""
+"Use this homedir as default value for all subdomains within this domain. See "
+"<emphasis>override_homedir</emphasis> for info about possible values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1382
+msgid "The value can be overridden by <emphasis>override_homedir</emphasis> option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:805
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called "
@@ -1529,29 +1770,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1395
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1398
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1401
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1409
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1412
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1559,19 +1800,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1154
+#: sssd.conf.5.xml:1391
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" "
"id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1187
+#: sssd.conf.5.xml:1424
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1426
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1579,73 +1820,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1433
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1436
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1440
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1445
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211
+#: sssd.conf.5.xml:1448
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1453
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1221
+#: sssd.conf.5.xml:1458
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1224
+#: sssd.conf.5.xml:1461
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
+#: sssd.conf.5.xml:1465 sssd.conf.5.xml:1477
msgid "Default: TRUE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1470
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1473
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1245
+#: sssd.conf.5.xml:1482
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1248
+#: sssd.conf.5.xml:1485
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1653,17 +1894,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1256
+#: sssd.conf.5.xml:1493
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1498
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1501
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1672,17 +1913,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1274
+#: sssd.conf.5.xml:1511
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1516
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1519
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1690,17 +1931,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1289
+#: sssd.conf.5.xml:1526
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1531
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1297
+#: sssd.conf.5.xml:1534
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1708,17 +1949,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1540
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126 sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1550 sssd-ldap.5.xml:2145 sssd-simple.5.xml:126 sssd-ipa.5.xml:563 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1319
+#: sssd.conf.5.xml:1556
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1748,7 +1989,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1552
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1757,7 +1998,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1587
msgid ""
"<citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> "
@@ -1960,216 +2201,234 @@ msgstr ""
msgid ""
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
-"may vary. The way that some attributes are handled may also differ. Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
+"may vary. The way that some attributes are handled may also differ. Four "
+"schema types are currently supported: rfc2307 rfc2307bis IPA AD The main "
"difference between these schema types is how group memberships are recorded "
"in the server. With rfc2307, group members are listed by name in the "
"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
+"attribute. The AD schema type sets the attributes to correspond with Active "
+"Directory 2008r2 values."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
+#: sssd-ldap.5.xml:183
msgid "Default: rfc2307"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
+#: sssd-ldap.5.xml:189
msgid "ldap_default_bind_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
+#: sssd-ldap.5.xml:192
msgid "The default bind DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
+#: sssd-ldap.5.xml:199
msgid "ldap_default_authtok_type (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
+#: sssd-ldap.5.xml:202
msgid "The type of the authentication token of the default bind DN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
+#: sssd-ldap.5.xml:206
msgid "The two mechanisms currently supported are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
+#: sssd-ldap.5.xml:209
msgid "password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
+#: sssd-ldap.5.xml:212
msgid "obfuscated_password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
+#: sssd-ldap.5.xml:215
msgid "Default: password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
+#: sssd-ldap.5.xml:221
msgid "ldap_default_authtok (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
+#: sssd-ldap.5.xml:224
msgid ""
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
+#: sssd-ldap.5.xml:231
msgid "ldap_user_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
+#: sssd-ldap.5.xml:234
msgid "The object class of a user entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
+#: sssd-ldap.5.xml:237
msgid "Default: posixAccount"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
+#: sssd-ldap.5.xml:243
msgid "ldap_user_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
+#: sssd-ldap.5.xml:246
msgid "The LDAP attribute that corresponds to the user's login name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
+#: sssd-ldap.5.xml:250
msgid "Default: uid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
+#: sssd-ldap.5.xml:256
msgid "ldap_user_uid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
+#: sssd-ldap.5.xml:259
msgid "The LDAP attribute that corresponds to the user's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
+#: sssd-ldap.5.xml:263
msgid "Default: uidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
+#: sssd-ldap.5.xml:269
msgid "ldap_user_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
+#: sssd-ldap.5.xml:272
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
+#: sssd-ldap.5.xml:276 sssd-ldap.5.xml:758
msgid "Default: gidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
+#: sssd-ldap.5.xml:282
msgid "ldap_user_gecos (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
+#: sssd-ldap.5.xml:285
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
+#: sssd-ldap.5.xml:289
msgid "Default: gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
+#: sssd-ldap.5.xml:295
msgid "ldap_user_home_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
+#: sssd-ldap.5.xml:298
msgid "The LDAP attribute that contains the name of the user's home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
+#: sssd-ldap.5.xml:302
msgid "Default: homeDirectory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
+#: sssd-ldap.5.xml:308
msgid "ldap_user_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
+#: sssd-ldap.5.xml:311
msgid "The LDAP attribute that contains the path to the user's default shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
+#: sssd-ldap.5.xml:315
msgid "Default: loginShell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
+#: sssd-ldap.5.xml:321
msgid "ldap_user_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
+#: sssd-ldap.5.xml:324
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
+#: sssd-ldap.5.xml:328 sssd-ldap.5.xml:784 sssd-ldap.5.xml:911
msgid "Default: nsUniqueId"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
+#: sssd-ldap.5.xml:334
+msgid "ldap_user_objectsid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:337
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP user object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:342 sssd-ldap.5.xml:798
+msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:349
msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
+#: sssd-ldap.5.xml:352 sssd-ldap.5.xml:808 sssd-ldap.5.xml:920
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
+#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:812 sssd-ldap.5.xml:927
msgid "Default: modifyTimestamp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
+#: sssd-ldap.5.xml:362
msgid "ldap_user_shadow_last_change (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
+#: sssd-ldap.5.xml:365
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> "
@@ -2178,17 +2437,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
+#: sssd-ldap.5.xml:375
msgid "Default: shadowLastChange"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
+#: sssd-ldap.5.xml:381
msgid "ldap_user_shadow_min (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
+#: sssd-ldap.5.xml:384
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> "
@@ -2197,17 +2456,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
+#: sssd-ldap.5.xml:393
msgid "Default: shadowMin"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
+#: sssd-ldap.5.xml:399
msgid "ldap_user_shadow_max (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
+#: sssd-ldap.5.xml:402
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> "
@@ -2216,17 +2475,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
+#: sssd-ldap.5.xml:411
msgid "Default: shadowMax"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
+#: sssd-ldap.5.xml:417
msgid "ldap_user_shadow_warning (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
+#: sssd-ldap.5.xml:420
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> "
@@ -2235,17 +2494,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
+#: sssd-ldap.5.xml:430
msgid "Default: shadowWarning"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
+#: sssd-ldap.5.xml:436
msgid "ldap_user_shadow_inactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
+#: sssd-ldap.5.xml:439
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> "
@@ -2254,17 +2513,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
+#: sssd-ldap.5.xml:449
msgid "Default: shadowInactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
+#: sssd-ldap.5.xml:455
msgid "ldap_user_shadow_expire (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
+#: sssd-ldap.5.xml:458
msgid ""
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
"parameter contains the name of an LDAP attribute corresponding to its "
@@ -2274,17 +2533,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
+#: sssd-ldap.5.xml:468
msgid "Default: shadowExpire"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
+#: sssd-ldap.5.xml:474
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
+#: sssd-ldap.5.xml:477
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
@@ -2292,158 +2551,158 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
+#: sssd-ldap.5.xml:483
msgid "Default: krbLastPwdChange"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
+#: sssd-ldap.5.xml:489
msgid "ldap_user_krb_password_expiration (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
+#: sssd-ldap.5.xml:492
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
+#: sssd-ldap.5.xml:498
msgid "Default: krbPasswordExpiration"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
+#: sssd-ldap.5.xml:504
msgid "ldap_user_ad_account_expires (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
+#: sssd-ldap.5.xml:507
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
+#: sssd-ldap.5.xml:512
msgid "Default: accountExpires"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
+#: sssd-ldap.5.xml:518
msgid "ldap_user_ad_user_account_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
+#: sssd-ldap.5.xml:521
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
+#: sssd-ldap.5.xml:526
msgid "Default: userAccountControl"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
+#: sssd-ldap.5.xml:532
msgid "ldap_ns_account_lock (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
+#: sssd-ldap.5.xml:535
msgid ""
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
+#: sssd-ldap.5.xml:540
msgid "Default: nsAccountLock"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
+#: sssd-ldap.5.xml:546
msgid "ldap_user_nds_login_disabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
+#: sssd-ldap.5.xml:549
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines if "
"access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
+#: sssd-ldap.5.xml:553 sssd-ldap.5.xml:567
msgid "Default: loginDisabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
+#: sssd-ldap.5.xml:559
msgid "ldap_user_nds_login_expiration_time (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
+#: sssd-ldap.5.xml:562
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines until "
"which date access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
+#: sssd-ldap.5.xml:573
msgid "ldap_user_nds_login_allowed_time_map (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
+#: sssd-ldap.5.xml:576
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines the "
"hours of a day in a week when access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
+#: sssd-ldap.5.xml:581
msgid "Default: loginAllowedTimeMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
+#: sssd-ldap.5.xml:587
msgid "ldap_user_principal (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
+#: sssd-ldap.5.xml:590
msgid ""
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"(UPN)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
+#: sssd-ldap.5.xml:594
msgid "Default: krbPrincipalName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
+#: sssd-ldap.5.xml:600
msgid "ldap_user_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
+#: sssd-ldap.5.xml:603
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
+#: sssd-ldap.5.xml:610
msgid "ldap_force_upper_case_realm (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
+#: sssd-ldap.5.xml:613
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -2452,29 +2711,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
+#: sssd-ldap.5.xml:626
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
+#: sssd-ldap.5.xml:629
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:634 sssd-ldap.5.xml:1887
msgid "Default: 300"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
+#: sssd-ldap.5.xml:640
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
+#: sssd-ldap.5.xml:643
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -2482,52 +2741,52 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
+#: sssd-ldap.5.xml:649
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
+#: sssd-ldap.5.xml:653
msgid "Default: 10800 (12 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
+#: sssd-ldap.5.xml:659
msgid "ldap_user_fullname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
+#: sssd-ldap.5.xml:662
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828 sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881 sssd-ipa.5.xml:422
+#: sssd-ldap.5.xml:666 sssd-ldap.5.xml:745 sssd-ldap.5.xml:861 sssd-ldap.5.xml:952 sssd-ldap.5.xml:1742 sssd-ldap.5.xml:1960 sssd-ipa.5.xml:441
msgid "Default: cn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
+#: sssd-ldap.5.xml:672
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
+#: sssd-ldap.5.xml:675
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
+#: sssd-ldap.5.xml:679 sssd-ipa.5.xml:345
msgid "Default: memberOf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
+#: sssd-ldap.5.xml:685
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
+#: sssd-ldap.5.xml:688
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -2535,24 +2794,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
+#: sssd-ldap.5.xml:695
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:700
msgid "Default: authorizedService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
+#: sssd-ldap.5.xml:706
msgid "ldap_user_authorized_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
+#: sssd-ldap.5.xml:709
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -2560,89 +2819,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
+#: sssd-ldap.5.xml:715
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
+#: sssd-ldap.5.xml:720
msgid "Default: host"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:726
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
+#: sssd-ldap.5.xml:729
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
+#: sssd-ldap.5.xml:732
msgid "Default: posixGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:738
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
+#: sssd-ldap.5.xml:741
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:751
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:754
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
+#: sssd-ldap.5.xml:764
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
+#: sssd-ldap.5.xml:767
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
+#: sssd-ldap.5.xml:771
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
+#: sssd-ldap.5.xml:777
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:780
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:790
+msgid "ldap_group_objectsid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:793
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP group object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:805
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:818
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:821
msgid ""
"If ldap_schema is set to a schema format that supports nested groups "
"(e.g. RFC2307bis), then this option controls how many levels of nesting SSSD "
@@ -2650,191 +2921,191 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
+#: sssd-ldap.5.xml:828
msgid "Default: 2"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:834
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
+#: sssd-ldap.5.xml:837
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
+#: sssd-ldap.5.xml:840
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:844
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
+#: sssd-ldap.5.xml:850
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
+#: sssd-ldap.5.xml:853
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:857
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
+#: sssd-ldap.5.xml:867
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
+#: sssd-ldap.5.xml:870
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
+#: sssd-ldap.5.xml:874
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:878
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:884
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:887
msgid "The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
+#: sssd-ldap.5.xml:891 sssd-ldap.5.xml:924
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:894
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
+#: sssd-ldap.5.xml:900
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
+#: sssd-ldap.5.xml:903
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
+#: sssd-ldap.5.xml:907
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
+#: sssd-ldap.5.xml:917
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:933
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:936
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:939
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:945
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:948
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
+#: sssd-ldap.5.xml:958
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
+#: sssd-ldap.5.xml:961
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
+#: sssd-ldap.5.xml:965
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
+#: sssd-ldap.5.xml:971
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:974
msgid "The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
+#: sssd-ldap.5.xml:978
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
+#: sssd-ldap.5.xml:984
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:987
msgid "An optional base DN to restrict service searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937 sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041 sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
+#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1997 sssd-ldap.5.xml:2016 sssd-ldap.5.xml:2035 sssd-ldap.5.xml:2098 sssd-ldap.5.xml:2120 sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 sssd-ipa.5.xml:206
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942 sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046 sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
+#: sssd-ldap.5.xml:996 sssd-ldap.5.xml:2002 sssd-ldap.5.xml:2021 sssd-ldap.5.xml:2040 sssd-ldap.5.xml:2103 sssd-ldap.5.xml:2125 sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
+#: sssd-ldap.5.xml:1003
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1006
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2842,7 +3113,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
+#: sssd-ldap.5.xml:1012
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2850,35 +3121,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
+#: sssd-ldap.5.xml:1018 sssd-ldap.5.xml:1060 sssd-ldap.5.xml:1075
msgid "Default: 6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1024
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1027
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
"are returned (and offline mode is entered)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1040
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1043
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> "
@@ -2889,12 +3155,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
+#: sssd-ldap.5.xml:1066
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
+#: sssd-ldap.5.xml:1069
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2902,12 +3168,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1081
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1084
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -2916,34 +3182,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
+#: sssd-ldap.5.xml:1092
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1098
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
+#: sssd-ldap.5.xml:1101
msgid ""
"Specify the number of records to retrieve from LDAP in a single "
"request. Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1106
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
+#: sssd-ldap.5.xml:1112
+msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1115
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -2951,7 +3217,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
+#: sssd-ldap.5.xml:1121
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use "
@@ -2959,20 +3225,43 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1127
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
"requests being denied."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133 include/ldap_id_mapping.xml:184
+msgid "Default: False"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1139
+msgid "ldap_sasl_minssf (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1142
+msgid ""
+"When communicating with an LDAP server using SASL, specify the minimum "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1148
+msgid "Default: Use the system default (usually specified by ldap.conf)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1155
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1158
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -2980,12 +3269,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1164
msgid "You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1168
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -2994,7 +3283,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
+#: sssd-ldap.5.xml:1176
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3002,26 +3291,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1189
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
+#: sssd-ldap.5.xml:1192
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1198
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
+#: sssd-ldap.5.xml:1202
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3029,7 +3318,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1209
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3037,7 +3326,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1215
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3045,41 +3334,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1221
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1225
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
+#: sssd-ldap.5.xml:1231
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
+#: sssd-ldap.5.xml:1234
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
+#: sssd-ldap.5.xml:1239 sssd-ldap.5.xml:1257 sssd-ldap.5.xml:1298
msgid ""
"Default: use OpenLDAP defaults, typically in "
"<filename>/etc/openldap/ldap.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1246
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1249
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3088,37 +3377,37 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1264
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1267
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979 sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1271 sssd-ldap.5.xml:1283 sssd-ldap.5.xml:1344 sssd-ldap.5.xml:2058 sssd-ldap.5.xml:2085 sssd-krb5.5.xml:359 include/ldap_id_mapping.xml:145 include/ldap_id_mapping.xml:156
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1277
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1280
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
+#: sssd-ldap.5.xml:1289
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
+#: sssd-ldap.5.xml:1292
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3126,90 +3415,103 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1305
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1308
msgid ""
"Specifies that the id_provider connection must also use <systemitem "
"class=\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
+#: sssd-ldap.5.xml:1318
+msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1321
msgid ""
-"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
-"supported."
+"Specifies that SSSD should attempt to map user and group IDs from the "
+"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
+"on ldap_user_uid_number and ldap_group_gid_number."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
+#: sssd-ldap.5.xml:1327
+msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1337
+msgid "ldap_sasl_mech (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1340
+msgid ""
+"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
+"supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1350
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
+#: sssd-ldap.5.xml:1353
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
+#: sssd-ldap.5.xml:1358
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1364
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
+#: sssd-ldap.5.xml:1367
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
+#: sssd-ldap.5.xml:1372
msgid "Default: false;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1378
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
+#: sssd-ldap.5.xml:1381
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1384
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
+#: sssd-ldap.5.xml:1390
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
+#: sssd-ldap.5.xml:1393
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3217,27 +3519,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1405
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1408
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
+#: sssd-ldap.5.xml:1412
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1418 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1421 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of "
@@ -3249,7 +3551,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1433 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -3257,7 +3559,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1438 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of "
"SSSD. While the legacy name is recognized for the time being, users are "
@@ -3266,53 +3568,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1447 sssd-ipa.5.xml:235 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1450
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
+#: sssd-ldap.5.xml:1453
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1459 sssd-ipa.5.xml:250 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1462
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
+#: sssd-ldap.5.xml:1474
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
+#: sssd-ldap.5.xml:1477
msgid ""
"Select the policy to evaluate the password expiration on the client "
"side. The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1482
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
+#: sssd-ldap.5.xml:1487
msgid ""
"<emphasis>shadow</emphasis> - Use "
"<citerefentry><refentrytitle>shadow</refentrytitle> "
@@ -3321,7 +3623,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
+#: sssd-ldap.5.xml:1493
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -3329,76 +3631,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1505
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1508
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
+#: sssd-ldap.5.xml:1512
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1517
+msgid ""
+"Chasing referrals may incur a performance penalty in environments that use "
+"them heavily, a notable example is Microsoft Active Directory. If your setup "
+"does not in fact require the use of referrals, setting this option to false "
+"might bring a noticeable performance improvement."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1531
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1534
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1538
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1544
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
+#: sssd-ldap.5.xml:1547
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1552
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
+#: sssd-ldap.5.xml:1558
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1561
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
+"it will result in all users being denied access. Use access_provider = "
+"permit to change this default behavior."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:1571 sssd-ldap.5.xml:2061
msgid "Example:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
+#: sssd-ldap.5.xml:1574
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3407,14 +3718,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1578
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
+#: sssd-ldap.5.xml:1583
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3423,24 +3734,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1591 sssd-ldap.5.xml:1641
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1597
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1600
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1604
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3448,19 +3759,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1611
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1614
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1619
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3469,7 +3780,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1626
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, "
"<emphasis>389ds</emphasis>: use the value of ldap_ns_account_lock to check "
@@ -3477,7 +3788,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
+#: sssd-ldap.5.xml:1632
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3486,89 +3797,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
+#: sssd-ldap.5.xml:1647
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
+#: sssd-ldap.5.xml:1650
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1654
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1657
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1661
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
+#: sssd-ldap.5.xml:1666
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1670
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1673
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1680
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
+#: sssd-ldap.5.xml:1683
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1688
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1692
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1697
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1702
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1707
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3585,211 +3896,211 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1718
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1723
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
+#: sssd-ldap.5.xml:1726
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1729
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1735
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1738
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1748
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1751
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
+#: sssd-ldap.5.xml:1755
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
+#: sssd-ldap.5.xml:1761
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
+#: sssd-ldap.5.xml:1764
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
+#: sssd-ldap.5.xml:1769
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1775
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
+#: sssd-ldap.5.xml:1778
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
+#: sssd-ldap.5.xml:1782
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1788
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
+#: sssd-ldap.5.xml:1791
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
+#: sssd-ldap.5.xml:1795
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
+#: sssd-ldap.5.xml:1801
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1804
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
+#: sssd-ldap.5.xml:1808
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
+#: sssd-ldap.5.xml:1814
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
+#: sssd-ldap.5.xml:1817
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
+#: sssd-ldap.5.xml:1821
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
+#: sssd-ldap.5.xml:1827
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
+#: sssd-ldap.5.xml:1830
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1834
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
+#: sssd-ldap.5.xml:1840
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
+#: sssd-ldap.5.xml:1843
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1848
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1854
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1857
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
+#: sssd-ldap.5.xml:1861
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1867
msgid "ldap_sudo_refresh_enabled (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1870
msgid ""
"Enables periodical download of all sudo rules. The cache is purged before "
"each update."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1880
msgid "ldap_sudo_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
+#: sssd-ldap.5.xml:1883
msgid "How many seconds SSSD has to wait before refreshing its cache of sudo rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1721
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1894
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -3798,76 +4109,76 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1904
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
+#: sssd-ldap.5.xml:1906
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1913
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1916 sssd-ldap.5.xml:1942
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1919 sssd-ldap.5.xml:1946
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
+#: sssd-ldap.5.xml:1926
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
+#: sssd-ldap.5.xml:1929
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
+#: sssd-ldap.5.xml:1932
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1939
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1953
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
+#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:1970
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1967
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1974
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1911
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder "
"type=\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" "
@@ -3876,61 +4187,61 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
+#: sssd-ldap.5.xml:1983
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
+#: sssd-ldap.5.xml:1990
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
+#: sssd-ldap.5.xml:1993
msgid "An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:2009
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
+#: sssd-ldap.5.xml:2012
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
+#: sssd-ldap.5.xml:2028
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:2031
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:2047
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
+#: sssd-ldap.5.xml:2050
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
+#: sssd-ldap.5.xml:2054
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2064
#, no-wrap
msgid ""
" ldap_user_search_filter = "
@@ -3939,53 +4250,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
+#: sssd-ldap.5.xml:2067
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2074
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
+#: sssd-ldap.5.xml:2077
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2081
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2091
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2094
msgid "An optional base DN to restrict sudo rules searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
+#: sssd-ldap.5.xml:2113
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
+#: sssd-ldap.5.xml:2116
msgid "An optional base DN to restrict automounter searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1985
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -3993,7 +4304,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2147
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4001,7 +4312,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
+#: sssd-ldap.5.xml:2153
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4014,18 +4325,18 @@ msgid ""
" enumerate = true\n"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552 sssd-krb5.5.xml:441
+#. type: Content of: <refsect1><refsect2><para>
+#: sssd-ldap.5.xml:2152 sssd-simple.5.xml:134 sssd-ipa.5.xml:571 sssd-krb5.5.xml:441 include/ldap_id_mapping.xml:63
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:2166 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
+#: sssd-ldap.5.xml:2168
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4034,7 +4345,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
+#: sssd-ldap.5.xml:2179
msgid ""
"<citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
@@ -4569,40 +4880,55 @@ msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:199
+msgid "ipa_subdomains_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:202
+msgid "Optional. Use the given string as search base for trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:218 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:221 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
+#: sssd-ipa.5.xml:228
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
+#: sssd-ipa.5.xml:238
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:242
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
+#: sssd-ipa.5.xml:253
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -4610,12 +4936,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
+#: sssd-ipa.5.xml:266
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
+#: sssd-ipa.5.xml:269
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
@@ -4623,17 +4949,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
+#: sssd-ipa.5.xml:276
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
+#: sssd-ipa.5.xml:281
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
+#: sssd-ipa.5.xml:284
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -4642,312 +4968,312 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
+#: sssd-ipa.5.xml:293
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
+#: sssd-ipa.5.xml:298
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
+#: sssd-ipa.5.xml:303
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
+#: sssd-ipa.5.xml:308
msgid "ipa_hbac_support_srchost (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:311
msgid ""
"If this is set to false, then srchost as given to SSSD by PAM will be "
"ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
+#: sssd-ipa.5.xml:315
msgid ""
"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
+#: sssd-ipa.5.xml:326
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
+#: sssd-ipa.5.xml:329
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
+#: sssd-ipa.5.xml:332
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:338
msgid "ipa_netgroup_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
+#: sssd-ipa.5.xml:341
msgid "The LDAP attribute that lists netgroup's memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
+#: sssd-ipa.5.xml:350
msgid "ipa_netgroup_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
+#: sssd-ipa.5.xml:353
msgid ""
"The LDAP attribute that lists system users and groups that are direct "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:358 sssd-ipa.5.xml:453
msgid "Default: memberUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
+#: sssd-ipa.5.xml:363
msgid "ipa_netgroup_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:366
msgid ""
"The LDAP attribute that lists hosts and host groups that are direct members "
"of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:370 sssd-ipa.5.xml:465
msgid "Default: memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:375
msgid "ipa_netgroup_member_ext_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
+#: sssd-ipa.5.xml:378
msgid ""
"The LDAP attribute that lists FQDNs of hosts and host groups that are "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
+#: sssd-ipa.5.xml:382
msgid "Default: externalHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
+#: sssd-ipa.5.xml:387
msgid "ipa_netgroup_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:390
msgid "The LDAP attribute that contains NIS domain name of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
+#: sssd-ipa.5.xml:394
msgid "Default: nisDomainName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
+#: sssd-ipa.5.xml:400
msgid "ipa_host_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
+#: sssd-ipa.5.xml:403 sssd-ipa.5.xml:426
msgid "The object class of a host entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
+#: sssd-ipa.5.xml:406 sssd-ipa.5.xml:429
msgid "Default: ipaHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:411
msgid "ipa_host_fqdn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
+#: sssd-ipa.5.xml:414
msgid "The LDAP attribute that contains FQDN of the host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
+#: sssd-ipa.5.xml:417
msgid "Default: fqdn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
+#: sssd-ipa.5.xml:423
msgid "ipa_selinux_usermap_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
+#: sssd-ipa.5.xml:434
msgid "ipa_selinux_usermap_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:437
msgid "The LDAP attribute that contains the name of SELinux usermap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:446
msgid "ipa_selinux_usermap_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
+#: sssd-ipa.5.xml:449
msgid "The LDAP attribute that contains all users / groups this rule match against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
+#: sssd-ipa.5.xml:458
msgid "ipa_selinux_usermap_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
+#: sssd-ipa.5.xml:461
msgid ""
"The LDAP attribute that contains all hosts / hostgroups this rule match "
"against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:470
msgid "ipa_selinux_usermap_see_also (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:473
msgid ""
"The LDAP attribute that contains DN of HBAC rule which can be used for "
"matching instead of memberUser and memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
+#: sssd-ipa.5.xml:478
msgid "Default: seeAlso"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
+#: sssd-ipa.5.xml:483
msgid "ipa_selinux_usermap_selinux_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:486
msgid "The LDAP attribute that contains SELinux user string itself."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:490
msgid "Default: ipaSELinuxUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
+#: sssd-ipa.5.xml:495
msgid "ipa_selinux_usermap_enabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
+#: sssd-ipa.5.xml:498
msgid ""
"The LDAP attribute that contains whether or not is user map enabled for "
"usage."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:502
msgid "Default: ipaEnabledFlag"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
+#: sssd-ipa.5.xml:507
msgid "ipa_selinux_usermap_user_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:510
msgid "The LDAP attribute that contains user category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
+#: sssd-ipa.5.xml:514
msgid "Default: userCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:519
msgid "ipa_selinux_usermap_host_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:522
msgid "The LDAP attribute that contains host category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
+#: sssd-ipa.5.xml:526
msgid "Default: hostCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:531
msgid "ipa_selinux_usermap_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
+#: sssd-ipa.5.xml:534
msgid "The LDAP attribute that contains unique ID of the user map."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
+#: sssd-ipa.5.xml:538
msgid "Default: ipaUniqueID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
+#: sssd-ipa.5.xml:543
msgid "ipa_host_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
+#: sssd-ipa.5.xml:546
msgid "The LDAP attribute that contains the host's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:550
msgid "Default: ipaSshPubKey"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:565
msgid ""
"The following example assumes that SSSD is correctly configured and "
"example.com is one of the domains in the <replaceable>[sssd]</replaceable> "
@@ -4955,7 +5281,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:572
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -4965,7 +5291,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
+#: sssd-ipa.5.xml:583
msgid ""
"<citerefentry> "
"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
@@ -5043,11 +5369,6 @@ msgstr ""
msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:85
msgid "<option>-f</option>,<option>--debug-to-files</option>"
@@ -5430,7 +5751,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
+#: sss_useradd.8.xml:171
msgid ""
"<citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
@@ -5909,7 +6230,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
+#: sss_groupadd.8.xml:62
msgid ""
"<citerefentry> "
"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
@@ -5998,7 +6319,7 @@ msgid "Before actually deleting the user, terminate all his processes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
+#: sss_userdel.8.xml:97
msgid ""
"<citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
@@ -6041,7 +6362,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
+#: sss_groupdel.8.xml:50
msgid ""
"<citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
@@ -6098,7 +6419,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
+#: sss_groupshow.8.xml:62
msgid ""
"<citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
@@ -6191,7 +6512,7 @@ msgid "The SELinux user for the user's login."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
+#: sss_usermod.8.xml:142
msgid ""
"<citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
@@ -6306,12 +6627,60 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:108
msgid ""
+"<option>-s</option>,<option>--service</option> "
+"<replaceable>service</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:113
+msgid "Invalidate specific service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:119
+msgid "<option>-S</option>,<option>--services</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:123
+msgid ""
+"Invalidate all service records. This option overrides invalidation of "
+"specific service if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:130
+msgid ""
+"<option>-a</option>,<option>--autofs-map</option> "
+"<replaceable>autofs-map</replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:135
+msgid "Invalidate specific autofs maps."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:141
+msgid "<option>-A</option>,<option>--autofs-maps</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:145
+msgid ""
+"Invalidate all autofs maps. This option overrides invalidation of specific "
+"map if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:152
+msgid ""
"<option>-d</option>,<option>--domain</option> "
"<replaceable>domain</replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:113
+#: sss_cache.8.xml:157
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -6545,7 +6914,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
msgid "Configuration"
msgstr ""
@@ -6660,6 +7029,232 @@ msgid ""
"offline mode, and then attempts to reconnect every 30 seconds."
msgstr ""
+#. type: Content of: <refsect1><title>
+#: include/ldap_id_mapping.xml:2
+msgid "ID MAPPING"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:4
+msgid ""
+"The ID-mapping feature allows SSSD to act as a client of Active Directory "
+"without requiring administrators to extend user attributes to support POSIX "
+"attributes for user and group identifiers."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:9
+msgid ""
+"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
+"ignored. This is to avoid the possibility of conflicts between "
+"automatically-assigned and manually-assigned values. If you need to use "
+"manually-assigned values, ALL values must be manually-assigned."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:17
+msgid "Mapping Algorithm"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:19
+msgid ""
+"Active Directory provides an objectSID for every user and group object in "
+"the directory. This objectSID can be broken up into components that "
+"represent the Active Directory domain identity and the relative identifier "
+"(RID) of the user or group object."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:25
+msgid ""
+"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
+"into equally-sized component sections - called \"slices\"-. Each slice "
+"represents the space available to an Active Directory domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:31
+msgid ""
+"When a user or group entry for a particular domain is encountered for the "
+"first time, the SSSD allocates one of the available slices for that "
+"domain. In order to make this slice-assignment repeatable on different "
+"client machines, we select the slice based on the following algorithm:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:38
+msgid ""
+"The SID string is passed through the murmurhash3 algorithm to convert it to "
+"a 32-bit hashed value. We then take the modulus of this value with the total "
+"number of available slices to pick the slice."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:44
+msgid ""
+"NOTE: It is possible to encounter collisions in the hash and subsequent "
+"modulus. In these situations, we will select the next available slice, but "
+"it may not be possible to reproduce the same exact set of slices on other "
+"machines (since the order that they are encountered will determine their "
+"slice). In this situation, it is recommended to either switch to using "
+"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
+"configure a default domain to guarantee that at least one is always "
+"consistent. See <quote>Configuration</quote> for details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:59
+msgid "Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><programlisting>
+#: include/ldap_id_mapping.xml:64
+#, no-wrap
+msgid ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:69
+msgid ""
+"The default configuration results in configuring 10,000 slices, each capable "
+"of holding up to 200,000 IDs, starting from 10,001 and going up to "
+"2,000,100,000. This should be sufficient for most deployments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><title>
+#: include/ldap_id_mapping.xml:75
+msgid "Advanced Configuration"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:78
+msgid "ldap_idmap_range_min (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:81
+msgid ""
+"Specifies the lower bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:85
+msgid ""
+"NOTE: This option is different from <quote>id_mn</quote> in that "
+"<quote>id_min</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have "
+"<quote>id_min</quote> be less-than or equal to "
+"<quote>ldap_idmap_range_min</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:95
+msgid "Default: 10001"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:100
+msgid "ldap_idmap_range_max (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:103
+msgid ""
+"Specifies the upper bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:107
+msgid ""
+"NOTE: This option is different from <quote>id_max</quote> in that "
+"<quote>id_max</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have "
+"<quote>id_max</quote> be greater-than or equal to "
+"<quote>ldap_idmap_range_max</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:117
+msgid "Default: 2000100000"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:122
+msgid "ldap_idmap_range_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:125
+msgid ""
+"Specifies the number of IDs available for each slice. If the range size "
+"does not divide evenly into the min and max values, it will create as many "
+"complete slices as it can."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:131
+msgid "Default: 200000"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:136
+msgid "ldap_idmap_default_domain_sid (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:139
+msgid ""
+"Specify the domain SID of the default domain. This will guarantee that this "
+"domain will always be assigned to slice zero in the ID map, bypassing the "
+"murmurhash algorithm described above."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:150
+msgid "ldap_idmap_default_domain (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:153
+msgid "Specify the name of the default domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:161
+msgid "ldap_idmap_autorid_compat (boolean)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:164
+msgid ""
+"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
+"winbind's <quote>idmap_autorid</quote> algorithm."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:169
+msgid ""
+"When this option is configured, domains will be allocated starting with "
+"slice zero and increasing monatomically with each additional domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:174
+msgid ""
+"NOTE: This algorithm is non-deterministic (it depends on the order that "
+"users and groups are requested). If this mode is required for compatibility "
+"with machines running winbind, it is recommended to also use the "
+"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
+"least one domain is consistently allocated to slice zero."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-h</option>,<option>--help</option>"
@@ -6778,3 +7373,28 @@ msgid ""
"<emphasis> This is an experimental feature, please use "
"http://fedorahosted.org/sssd to report any issues. </emphasis>"
msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/local.xml:2
+msgid "THE LOCAL DOMAIN"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:4
+msgid ""
+"In order to function correctly, a domain with "
+"<quote>id_provider=local</quote> must be created and the SSSD must be "
+"running."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:9
+msgid ""
+"The administrator might want to use the SSSD local users instead of "
+"traditional UNIX users in cases where the group nesting (see <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>) is needed. The local users are also useful for testing and "
+"development of the SSSD without having to deploy a full remote server. The "
+"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
+"local LDB storage to store users and groups."
+msgstr ""
diff --git a/src/man/po/tg.po b/src/man/po/tg.po
index 7c0b0db9..d2c41ac2 100644
--- a/src/man/po/tg.po
+++ b/src/man/po/tg.po
@@ -7,8 +7,8 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-03-12 16:37-0300\n"
-"PO-Revision-Date: 2012-03-08 11:52+0000\n"
+"POT-Creation-Date: 2012-05-11 14:59-0300\n"
+"PO-Revision-Date: 2012-04-20 17:34+0000\n"
"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
"Language-Team: Tajik (http://www.transifex.net/projects/p/fedora/language/"
"tg/)\n"
@@ -113,18 +113,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:74 sssd.conf.5.xml:1585 sssd-ldap.5.xml:2177
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sssd-ipa.5.xml:581 sssd.8.xml:191 sss_obfuscate.8.xml:103
+#: sss_useradd.8.xml:169 sssd-krb5.5.xml:451 sss_groupadd.8.xml:60
+#: sss_userdel.8.xml:95 sss_groupdel.8.xml:48 sss_groupshow.8.xml:60
+#: sss_usermod.8.xml:140 sss_ssh_authorizedkeys.1.xml:96
#: sss_ssh_knownhostsproxy.1.xml:95
msgid "SEE ALSO"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
+#: sss_groupmod.8.xml:76
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -223,7 +223,7 @@ msgid "The [sssd] section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1431
msgid "Section parameters"
msgstr ""
@@ -253,33 +253,35 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:88
msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
+"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
+"\"with_ssh\">, ssh</phrase>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
+#: sssd.conf.5.xml:96 sssd.conf.5.xml:288
msgid "reconnection_retries (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
+#: sssd.conf.5.xml:99 sssd.conf.5.xml:291
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
+#: sssd.conf.5.xml:104 sssd.conf.5.xml:296
msgid "Default: 3"
msgstr "Пешфарз: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:109
msgid "domains"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:112
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -288,19 +290,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
+#: sssd.conf.5.xml:122
msgid "re_expression (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
+#: sssd.conf.5.xml:125
msgid ""
"Regular expression that describes how to parse the string containing user "
"name and domain into these components."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
+#: sssd.conf.5.xml:129
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -308,7 +310,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
+#: sssd.conf.5.xml:134
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -316,19 +318,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:141
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
+#: sssd.conf.5.xml:148
msgid "full_name_format (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
+#: sssd.conf.5.xml:151
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to translate "
@@ -336,17 +338,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
+#: sssd.conf.5.xml:159
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
+#: sssd.conf.5.xml:164
msgid "try_inotify (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
+#: sssd.conf.5.xml:167
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -355,7 +357,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
+#: sssd.conf.5.xml:175
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -363,45 +365,66 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
+#: sssd.conf.5.xml:181
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:185
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
+#: sssd.conf.5.xml:192
msgid "krb5_rcache_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
+#: sssd.conf.5.xml:195
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
+#: sssd.conf.5.xml:199
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
+#: sssd.conf.5.xml:205
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:212
+msgid "force_timeout (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:215
+msgid ""
+"If a service is not responding to ping checks (see the <quote>timeout</"
+"quote> option), it is first sent the SIGTERM signal that instructs it to "
+"quit gracefully. If the service does not terminate after "
+"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
+"by sending a SIGKILL signal."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:542 sssd.conf.5.xml:690
+#: sssd-ldap.5.xml:1034
+msgid "Default: 60"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:63
msgid ""
@@ -414,12 +437,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
+#: sssd.conf.5.xml:234
msgid "SERVICES SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
+#: sssd.conf.5.xml:236
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -428,128 +451,128 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
+#: sssd.conf.5.xml:243
msgid "General service configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
+#: sssd.conf.5.xml:245
msgid "These options can be used to configure any service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
+#: sssd.conf.5.xml:249
msgid "debug_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
+#: sssd.conf.5.xml:253
msgid "debug_timestamps (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
+#: sssd.conf.5.xml:256
msgid "Add a timestamp to the debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:408 sssd.conf.5.xml:793
+#: sssd-ldap.5.xml:1399 sssd-ldap.5.xml:1525 sssd-ipa.5.xml:225
+#: sssd-ipa.5.xml:260
msgid "Default: true"
msgstr "Пешфарз: true"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
+#: sssd.conf.5.xml:264
msgid "debug_microseconds (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
+#: sssd.conf.5.xml:267
msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:270 sssd.conf.5.xml:740 sssd.conf.5.xml:1368
+#: sssd-ldap.5.xml:620 sssd-ldap.5.xml:1312 sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1468 sssd-ldap.5.xml:1874 sssd-ipa.5.xml:123
+#: sssd-ipa.5.xml:320 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
+#: sssd-krb5.5.xml:418
msgid "Default: false"
msgstr "Пешфарз: false"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
-msgid "fd_limit"
+#: sssd.conf.5.xml:275
+msgid "timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:278
msgid ""
-"This option specifies the maximum number of file descriptors that may be "
-"opened at one time by this SSSD process. On systems where SSSD is granted "
-"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
-"systems without this capability, the resulting value will be the lower value "
-"of this or the limits.conf \"hard\" limit."
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:282
-msgid "Default: 8192 (or limits.conf \"hard\" limit)"
-msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:283 sssd-ldap.5.xml:1183
+msgid "Default: 10"
+msgstr "Пешфарз: 10"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:287
-msgid "command (string)"
+#: sssd.conf.5.xml:301
+msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:290
+#: sssd.conf.5.xml:304
msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>. This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
+"This option specifies the maximum number of file descriptors that may be "
+"opened at one time by this SSSD process. On systems where SSSD is granted "
+"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
+"systems without this capability, the resulting value will be the lower value "
+"of this or the limits.conf \"hard\" limit."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298
-msgid "Default: <command>sssd_${service_name}</command>"
+#: sssd.conf.5.xml:313
+msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:306
+#: sssd.conf.5.xml:321
msgid "NSS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:323
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:313
+#: sssd.conf.5.xml:328
msgid "enum_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316
+#: sssd.conf.5.xml:331
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:335
msgid "Default: 120"
msgstr "Пешфарз: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:325
+#: sssd.conf.5.xml:340
msgid "entry_cache_nowait_percentage (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:328
+#: sssd.conf.5.xml:343
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -557,7 +580,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:349
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -567,7 +590,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:359
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -576,17 +599,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:352
+#: sssd.conf.5.xml:367
msgid "Default: 50"
msgstr "Пешфарз: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:372
msgid "entry_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:375
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -594,17 +617,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:381 sssd.conf.5.xml:768 sssd-krb5.5.xml:223
msgid "Default: 15"
msgstr "Пешфарз: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:371
+#: sssd.conf.5.xml:386
msgid "filter_users, filter_groups (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:374
+#: sssd.conf.5.xml:389
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -613,78 +636,78 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:396
msgid "Default: root"
msgstr "Пешфарз: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:401
msgid "filter_users_in_groups (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:389
+#: sssd.conf.5.xml:404
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398
+#: sssd.conf.5.xml:413
msgid "override_homedir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:422 sssd-krb5.5.xml:166
msgid "%u"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:167
msgid "login name"
msgstr "Номи логин"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:426 sssd-krb5.5.xml:170
msgid "%U"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:412
+#: sssd.conf.5.xml:427
msgid "UID number"
msgstr "Рақами UID"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:430 sssd-krb5.5.xml:188
msgid "%d"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:416
+#: sssd.conf.5.xml:431
msgid "domain name"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:419
+#: sssd.conf.5.xml:434
msgid "%f"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:435
msgid "fully qualified user name (user@domain)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:438 sssd-krb5.5.xml:200
msgid "%%"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:439 sssd-krb5.5.xml:201
msgid "a literal '%'"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:401
+#: sssd.conf.5.xml:416
msgid ""
"Override the user's home directory. You can either provide an absolute value "
"or a template. In the template, the following sequences are substituted: "
@@ -692,138 +715,192 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430
+#: sssd.conf.5.xml:445
msgid "This option can also be set per-domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:450
+msgid "fallback_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:453
+msgid ""
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:458
+msgid ""
+"The available values for this option are the same as for override_homedir."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:462
+msgid "Default: not set (no substitution for unset home directories)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:468
msgid "allowed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:471
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:474
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:478
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:483
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:455
+#: sssd.conf.5.xml:488
msgid "An empty string for shell is passed as-is to libc."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:491
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:462
+#: sssd.conf.5.xml:495
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:500
msgid "vetoed_shells (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:503
msgid "Replace any instance of these shells with the shell_fallback"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:475
+#: sssd.conf.5.xml:508
msgid "shell_fallback (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:511
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:515
msgid "Default: /bin/sh"
msgstr "Пешфарз: /bin/sh"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:520
+msgid "default_shell"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:523
+msgid ""
+"The default shell to use if the provider does not return one during lookup. "
+"This option supercedes any other shell options if it takes effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:528
+msgid ""
+"Default: not set (Return NULL if no shell is specified and rely on libc to "
+"substitute something sensible when necessary, usually /bin/sh)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:535 sssd.conf.5.xml:683
+msgid "get_domains_timeout (int)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:538 sssd.conf.5.xml:686
+msgid ""
+"Specifies time in seconds for which the list of subdomains will be "
+"considered valid."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:489
+#: sssd.conf.5.xml:549
msgid "PAM configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:491
+#: sssd.conf.5.xml:551
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:556
msgid "offline_credentials_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:499
+#: sssd.conf.5.xml:559
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
+#: sssd.conf.5.xml:564 sssd.conf.5.xml:577
msgid "Default: 0 (No limit)"
msgstr "Пешфарз: 0 (Номаҳдуд)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:570
msgid "offline_failed_login_attempts (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:513
+#: sssd.conf.5.xml:573
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:523
+#: sssd.conf.5.xml:583
msgid "offline_failed_login_delay (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:586
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:591
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -831,59 +908,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:597 sssd.conf.5.xml:650 sssd.conf.5.xml:1315
msgid "Default: 5"
msgstr "Пешфарз: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:603
msgid "pam_verbosity (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:606
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:611
msgid "Currently sssd supports the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:554
+#: sssd.conf.5.xml:614
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:557
+#: sssd.conf.5.xml:617
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:621
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:624
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:568 sssd.8.xml:63
+#: sssd.conf.5.xml:628 sssd.8.xml:63
msgid "Default: 1"
msgstr "Пешфарз: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:573
+#: sssd.conf.5.xml:633
msgid "pam_id_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:636
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -891,7 +968,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:642
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -900,45 +977,59 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:656
msgid "pam_pwd_expiration_warning (integer)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:659 sssd.conf.5.xml:972
msgid "Display a warning N days before the password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:662
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
"cannot display a warning."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:668 sssd.conf.5.xml:975
+msgid ""
+"If zero is set, then this filter is not applied, i.e. if the expiration "
+"warning was received from backend server, it will automatically be displayed."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:608
-msgid "Default: 7"
-msgstr "Пешфарз: 7"
+#: sssd.conf.5.xml:673
+msgid ""
+"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
+"emphasis> for a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:678 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Пешфарз: 0"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:616
+#: sssd.conf.5.xml:698
msgid "SUDO configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:618
+#: sssd.conf.5.xml:700
msgid "These options can be used to configure the sudo service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:707
msgid "sudo_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:710
msgid ""
"For any sudo request that comes while SSSD is online, the SSSD will attempt "
"to update the cached rules in order to ensure that sudo has the latest "
@@ -946,7 +1037,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:716
msgid ""
"The user may, however, run a couple of sudo commands successively, which "
"would trigger multiple LDAP requests. In order to speed up this use-case, "
@@ -955,71 +1046,95 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:641
+#: sssd.conf.5.xml:723
msgid ""
"This option controls how long (in seconds) can the sudo service cache rules "
"for a user."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:727
msgid "Default: 180"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:732
msgid "sudo_timed (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:735
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:748
msgid "AUTOFS configuration options"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:750
msgid "These options can be used to configure the autofs service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:676
+#: sssd.conf.5.xml:758
msgid "autofs_negative_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:761
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
"before asking the back end again."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:776
+#, fuzzy
+#| msgid "Configuration"
+msgid "SSH configuration options"
+msgstr "Ҷӯрсозӣ"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:778
+msgid "These options can be used to configure the SSH service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:786
+msgid "ssh_hash_known_hosts (bool)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:789
+msgid ""
+"Whether or not to hash host names and adresses in the managed known_hosts "
+"file."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:803
msgid "DOMAIN SECTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:810
msgid "min_id,max_id (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:706
+#: sssd.conf.5.xml:813
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:711
+#: sssd.conf.5.xml:818
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1028,56 +1143,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:825
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
-msgid "timeout (integer)"
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
-msgid ""
-"Timeout in seconds between heartbeats for this domain. This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr "Пешфарз: 10"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:738
+#: sssd.conf.5.xml:831
msgid "enumerate (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:834
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:745
+#: sssd.conf.5.xml:838
msgid "TRUE = Users and groups are enumerated"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:841
msgid "FALSE = No enumerations for this domain"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
+#: sssd.conf.5.xml:844 sssd.conf.5.xml:949 sssd.conf.5.xml:1031
msgid "Default: FALSE"
msgstr "Пешфарз: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:754
+#: sssd.conf.5.xml:847
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1087,14 +1185,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:764
+#: sssd.conf.5.xml:857
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:862
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1103,98 +1201,98 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:873
msgid "entry_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:876
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:880
msgid "Default: 5400"
msgstr "Пешфарз: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:886
msgid "entry_cache_user_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796
+#: sssd.conf.5.xml:889
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:893 sssd.conf.5.xml:906 sssd.conf.5.xml:919
+#: sssd.conf.5.xml:932
msgid "Default: entry_cache_timeout"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:899
msgid "entry_cache_group_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:902
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:819
+#: sssd.conf.5.xml:912
msgid "entry_cache_netgroup_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:915
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:925
msgid "entry_cache_service_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:928
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:938
msgid "cache_credentials (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:941
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:945
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:861
+#: sssd.conf.5.xml:954
msgid "account_cache_expiration (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:957
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1203,47 +1301,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:964
msgid "Default: 0 (unlimited)"
msgstr "Пешфарз: 0 (номаҳдуд)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:969
+msgid "pwd_expiration_warning (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:980
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning. Also an auth provider has to be configured for the "
+"backend."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:987
+msgid "Default: 7 (Kerberos), 0 (LDAP)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:993
msgid "id_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:880
+#: sssd.conf.5.xml:996
msgid "The Data Provider identity backend to use for this domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:1000
msgid "Supported backends:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:887
+#: sssd.conf.5.xml:1003
msgid "proxy: Support a legacy NSS provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:890
+#: sssd.conf.5.xml:1006
msgid "local: SSSD internal local provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:1009
msgid "ldap: LDAP provider"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:899
+#: sssd.conf.5.xml:1015
msgid "use_fully_qualified_names (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:1018
+msgid ""
+"Use the full name and domain (as formatted by the domain's full_name_format) "
+"as the user's login name reported to NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1023
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1252,19 +1376,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:915
+#: sssd.conf.5.xml:1036
msgid "auth_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:918
+#: sssd.conf.5.xml:1039
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:1043
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1272,7 +1396,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:929
+#: sssd.conf.5.xml:1050
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1280,30 +1404,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:1057
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1060
msgid "<quote>none</quote> disables authentication explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1063
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:1069
msgid "access_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:951
+#: sssd.conf.5.xml:1072
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1311,17 +1435,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
-msgid "<quote>permit</quote> always allow access."
+#: sssd.conf.5.xml:1078
+msgid ""
+"<quote>permit</quote> always allow access. It's the only permitted access "
+"provider for a local domain."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:960
+#: sssd.conf.5.xml:1081
msgid "<quote>deny</quote> always deny access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1084
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1330,24 +1456,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1091
msgid "Default: <quote>permit</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1096
msgid "chpass_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:978
+#: sssd.conf.5.xml:1099
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1104
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1355,7 +1481,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:991
+#: sssd.conf.5.xml:1112
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1363,7 +1489,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1120
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1371,35 +1497,35 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1007
+#: sssd.conf.5.xml:1128
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1011
+#: sssd.conf.5.xml:1132
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1135
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1142
msgid "sudo_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1148
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1031
+#: sssd.conf.5.xml:1152
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1407,29 +1533,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1159
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1041
+#: sssd.conf.5.xml:1162 sssd.conf.5.xml:1246 sssd.conf.5.xml:1271
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1047
+#: sssd.conf.5.xml:1168
msgid "session_provider (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1171
msgid ""
"The provider which should handle loading of session settings. Supported "
"session providers are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1055
+#: sssd.conf.5.xml:1176
msgid ""
"<quote>ipa</quote> to load session settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1437,66 +1563,153 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1184
msgid "<quote>none</quote> disallows fetching session settings explicitly."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1187
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"session loading requests."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1193
+msgid "subdomains_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1196
+msgid ""
+"The provider which should handle fetching of subdomains. This value should "
+"be always the same as id_provider. Supported subdomain providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1201
+msgid ""
+"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1209
+msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1212 sssd-ldap.5.xml:1499
+msgid "Default: none"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1218
+msgid "autofs_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1224
+msgid ""
+"The autofs provider used for the domain. Supported autofs providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1228
+msgid ""
+"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1235
+msgid ""
+"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1243
+msgid "<quote>none</quote> disables autofs explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1253
+msgid "hostid_provider (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1256
+msgid ""
+"The provider used for retrieving host identity information. Supported "
+"hostid providers are:"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1260
+msgid ""
+"<quote>ipa</quote> to load host identity stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1268
+msgid "<quote>none</quote> disables hostid explicitly."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1278
msgid "lookup_family_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1076
+#: sssd.conf.5.xml:1281
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1285
msgid "Supported values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1083
+#: sssd.conf.5.xml:1288
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1291
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1294
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1092
+#: sssd.conf.5.xml:1297
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1095
+#: sssd.conf.5.xml:1300
msgid "Default: ipv4_first"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1306
msgid "dns_resolver_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1104
+#: sssd.conf.5.xml:1309
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1504,51 +1717,83 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1321
msgid "dns_discovery_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1324
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1328
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1334
msgid "override_gid (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1337
msgid "Override the primary GID value with the one specified."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1138
+#: sssd.conf.5.xml:1343
msgid "case_sensitive (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1346
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1351
msgid "Default: True"
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1357
+msgid "proxy_fast_alias (boolean)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1360
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1374
+msgid "subdomain_homedir (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1377
+msgid ""
+"Use this homedir as default value for all subdomains within this domain. See "
+"<emphasis>override_homedir</emphasis> for info about possible values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1382
+msgid ""
+"The value can be overridden by <emphasis>override_homedir</emphasis> option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:805
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1556,29 +1801,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1395
msgid "proxy_pam_target (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1398
msgid "The proxy target PAM proxies to."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1401
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1409
msgid "proxy_lib_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1412
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1586,19 +1831,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1154
+#: sssd.conf.5.xml:1391
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1187
+#: sssd.conf.5.xml:1424
msgid "The local domain section"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1426
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1606,73 +1851,73 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1433
msgid "default_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1436
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1440
msgid "Default: <filename>/bin/bash</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1445
msgid "base_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211
+#: sssd.conf.5.xml:1448
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1453
msgid "Default: <filename>/home</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1221
+#: sssd.conf.5.xml:1458
msgid "create_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1224
+#: sssd.conf.5.xml:1461
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
+#: sssd.conf.5.xml:1465 sssd.conf.5.xml:1477
msgid "Default: TRUE"
msgstr "Пешфарз: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1470
msgid "remove_homedir (bool)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1473
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1245
+#: sssd.conf.5.xml:1482
msgid "homedir_umask (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1248
+#: sssd.conf.5.xml:1485
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -1680,17 +1925,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1256
+#: sssd.conf.5.xml:1493
msgid "Default: 077"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1498
msgid "skel_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1501
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -1699,17 +1944,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1274
+#: sssd.conf.5.xml:1511
msgid "Default: <filename>/etc/skel</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1516
msgid "mail_dir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1519
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -1717,17 +1962,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1289
+#: sssd.conf.5.xml:1526
msgid "Default: <filename>/var/mail</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1531
msgid "userdel_cmd (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1297
+#: sssd.conf.5.xml:1534
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -1735,18 +1980,18 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1540
msgid "Default: None, no command is run"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1550 sssd-ldap.5.xml:2145 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:563 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr "НАМУНА"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1319
+#: sssd.conf.5.xml:1556
#, no-wrap
msgid ""
"[sssd]\n"
@@ -1776,7 +2021,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1552
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -1785,7 +2030,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1587
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -1984,216 +2229,234 @@ msgstr ""
msgid ""
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
-"may vary. The way that some attributes are handled may also differ. Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
+"may vary. The way that some attributes are handled may also differ. Four "
+"schema types are currently supported: rfc2307 rfc2307bis IPA AD The main "
"difference between these schema types is how group memberships are recorded "
"in the server. With rfc2307, group members are listed by name in the "
"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
+"attribute. The AD schema type sets the attributes to correspond with Active "
+"Directory 2008r2 values."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
+#: sssd-ldap.5.xml:183
msgid "Default: rfc2307"
msgstr "Пешфарз: rfc2307"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
+#: sssd-ldap.5.xml:189
msgid "ldap_default_bind_dn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
+#: sssd-ldap.5.xml:192
msgid "The default bind DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
+#: sssd-ldap.5.xml:199
msgid "ldap_default_authtok_type (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
+#: sssd-ldap.5.xml:202
msgid "The type of the authentication token of the default bind DN."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
+#: sssd-ldap.5.xml:206
msgid "The two mechanisms currently supported are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
+#: sssd-ldap.5.xml:209
msgid "password"
msgstr "парол"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
+#: sssd-ldap.5.xml:212
msgid "obfuscated_password"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
+#: sssd-ldap.5.xml:215
msgid "Default: password"
msgstr "Пешфарз: парол"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
+#: sssd-ldap.5.xml:221
msgid "ldap_default_authtok (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
+#: sssd-ldap.5.xml:224
msgid ""
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
+#: sssd-ldap.5.xml:231
msgid "ldap_user_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
+#: sssd-ldap.5.xml:234
msgid "The object class of a user entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
+#: sssd-ldap.5.xml:237
msgid "Default: posixAccount"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
+#: sssd-ldap.5.xml:243
msgid "ldap_user_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
+#: sssd-ldap.5.xml:246
msgid "The LDAP attribute that corresponds to the user's login name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
+#: sssd-ldap.5.xml:250
msgid "Default: uid"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
+#: sssd-ldap.5.xml:256
msgid "ldap_user_uid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
+#: sssd-ldap.5.xml:259
msgid "The LDAP attribute that corresponds to the user's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
+#: sssd-ldap.5.xml:263
msgid "Default: uidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
+#: sssd-ldap.5.xml:269
msgid "ldap_user_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
+#: sssd-ldap.5.xml:272
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
+#: sssd-ldap.5.xml:276 sssd-ldap.5.xml:758
msgid "Default: gidNumber"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
+#: sssd-ldap.5.xml:282
msgid "ldap_user_gecos (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
+#: sssd-ldap.5.xml:285
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
+#: sssd-ldap.5.xml:289
msgid "Default: gecos"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
+#: sssd-ldap.5.xml:295
msgid "ldap_user_home_directory (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
+#: sssd-ldap.5.xml:298
msgid "The LDAP attribute that contains the name of the user's home directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
+#: sssd-ldap.5.xml:302
msgid "Default: homeDirectory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
+#: sssd-ldap.5.xml:308
msgid "ldap_user_shell (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
+#: sssd-ldap.5.xml:311
msgid "The LDAP attribute that contains the path to the user's default shell."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
+#: sssd-ldap.5.xml:315
msgid "Default: loginShell"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
+#: sssd-ldap.5.xml:321
msgid "ldap_user_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
+#: sssd-ldap.5.xml:324
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
+#: sssd-ldap.5.xml:328 sssd-ldap.5.xml:784 sssd-ldap.5.xml:911
msgid "Default: nsUniqueId"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
+#: sssd-ldap.5.xml:334
+msgid "ldap_user_objectsid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:337
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP user object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:342 sssd-ldap.5.xml:798
+msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:349
msgid "ldap_user_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
+#: sssd-ldap.5.xml:352 sssd-ldap.5.xml:808 sssd-ldap.5.xml:920
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
+#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:812 sssd-ldap.5.xml:927
msgid "Default: modifyTimestamp"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
+#: sssd-ldap.5.xml:362
msgid "ldap_user_shadow_last_change (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
+#: sssd-ldap.5.xml:365
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2202,17 +2465,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
+#: sssd-ldap.5.xml:375
msgid "Default: shadowLastChange"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
+#: sssd-ldap.5.xml:381
msgid "ldap_user_shadow_min (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
+#: sssd-ldap.5.xml:384
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2221,17 +2484,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
+#: sssd-ldap.5.xml:393
msgid "Default: shadowMin"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
+#: sssd-ldap.5.xml:399
msgid "ldap_user_shadow_max (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
+#: sssd-ldap.5.xml:402
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2240,17 +2503,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
+#: sssd-ldap.5.xml:411
msgid "Default: shadowMax"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
+#: sssd-ldap.5.xml:417
msgid "ldap_user_shadow_warning (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
+#: sssd-ldap.5.xml:420
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2259,17 +2522,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
+#: sssd-ldap.5.xml:430
msgid "Default: shadowWarning"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
+#: sssd-ldap.5.xml:436
msgid "ldap_user_shadow_inactive (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
+#: sssd-ldap.5.xml:439
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2278,17 +2541,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
+#: sssd-ldap.5.xml:449
msgid "Default: shadowInactive"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
+#: sssd-ldap.5.xml:455
msgid "ldap_user_shadow_expire (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
+#: sssd-ldap.5.xml:458
msgid ""
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
"parameter contains the name of an LDAP attribute corresponding to its "
@@ -2297,17 +2560,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
+#: sssd-ldap.5.xml:468
msgid "Default: shadowExpire"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
+#: sssd-ldap.5.xml:474
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
+#: sssd-ldap.5.xml:477
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
@@ -2315,158 +2578,158 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
+#: sssd-ldap.5.xml:483
msgid "Default: krbLastPwdChange"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
+#: sssd-ldap.5.xml:489
msgid "ldap_user_krb_password_expiration (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
+#: sssd-ldap.5.xml:492
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
+#: sssd-ldap.5.xml:498
msgid "Default: krbPasswordExpiration"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
+#: sssd-ldap.5.xml:504
msgid "ldap_user_ad_account_expires (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
+#: sssd-ldap.5.xml:507
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
+#: sssd-ldap.5.xml:512
msgid "Default: accountExpires"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
+#: sssd-ldap.5.xml:518
msgid "ldap_user_ad_user_account_control (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
+#: sssd-ldap.5.xml:521
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
+#: sssd-ldap.5.xml:526
msgid "Default: userAccountControl"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
+#: sssd-ldap.5.xml:532
msgid "ldap_ns_account_lock (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
+#: sssd-ldap.5.xml:535
msgid ""
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
+#: sssd-ldap.5.xml:540
msgid "Default: nsAccountLock"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
+#: sssd-ldap.5.xml:546
msgid "ldap_user_nds_login_disabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
+#: sssd-ldap.5.xml:549
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines if "
"access is allowed or not."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
+#: sssd-ldap.5.xml:553 sssd-ldap.5.xml:567
msgid "Default: loginDisabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
+#: sssd-ldap.5.xml:559
msgid "ldap_user_nds_login_expiration_time (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
+#: sssd-ldap.5.xml:562
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines until "
"which date access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
+#: sssd-ldap.5.xml:573
msgid "ldap_user_nds_login_allowed_time_map (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
+#: sssd-ldap.5.xml:576
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines the "
"hours of a day in a week when access is granted."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
+#: sssd-ldap.5.xml:581
msgid "Default: loginAllowedTimeMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
+#: sssd-ldap.5.xml:587
msgid "ldap_user_principal (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
+#: sssd-ldap.5.xml:590
msgid ""
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"(UPN)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
+#: sssd-ldap.5.xml:594
msgid "Default: krbPrincipalName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
+#: sssd-ldap.5.xml:600
msgid "ldap_user_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
+#: sssd-ldap.5.xml:603
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
+#: sssd-ldap.5.xml:610
msgid "ldap_force_upper_case_realm (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
+#: sssd-ldap.5.xml:613
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -2475,29 +2738,29 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
+#: sssd-ldap.5.xml:626
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
+#: sssd-ldap.5.xml:629
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:634 sssd-ldap.5.xml:1887
msgid "Default: 300"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
+#: sssd-ldap.5.xml:640
msgid "ldap_purge_cache_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
+#: sssd-ldap.5.xml:643
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -2505,54 +2768,54 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
+#: sssd-ldap.5.xml:649
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
+#: sssd-ldap.5.xml:653
msgid "Default: 10800 (12 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
+#: sssd-ldap.5.xml:659
msgid "ldap_user_fullname (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
+#: sssd-ldap.5.xml:662
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
+#: sssd-ldap.5.xml:666 sssd-ldap.5.xml:745 sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:952 sssd-ldap.5.xml:1742 sssd-ldap.5.xml:1960
+#: sssd-ipa.5.xml:441
msgid "Default: cn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
+#: sssd-ldap.5.xml:672
msgid "ldap_user_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
+#: sssd-ldap.5.xml:675
msgid "The LDAP attribute that lists the user's group memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
+#: sssd-ldap.5.xml:679 sssd-ipa.5.xml:345
msgid "Default: memberOf"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
+#: sssd-ldap.5.xml:685
msgid "ldap_user_authorized_service (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
+#: sssd-ldap.5.xml:688
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -2560,24 +2823,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
+#: sssd-ldap.5.xml:695
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:700
msgid "Default: authorizedService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
+#: sssd-ldap.5.xml:706
msgid "ldap_user_authorized_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
+#: sssd-ldap.5.xml:709
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -2585,89 +2848,101 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
+#: sssd-ldap.5.xml:715
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
+#: sssd-ldap.5.xml:720
msgid "Default: host"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:726
msgid "ldap_group_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
+#: sssd-ldap.5.xml:729
msgid "The object class of a group entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
+#: sssd-ldap.5.xml:732
msgid "Default: posixGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:738
msgid "ldap_group_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
+#: sssd-ldap.5.xml:741
msgid "The LDAP attribute that corresponds to the group name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:751
msgid "ldap_group_gid_number (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:754
msgid "The LDAP attribute that corresponds to the group's id."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
+#: sssd-ldap.5.xml:764
msgid "ldap_group_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
+#: sssd-ldap.5.xml:767
msgid "The LDAP attribute that contains the names of the group's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
+#: sssd-ldap.5.xml:771
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
+#: sssd-ldap.5.xml:777
msgid "ldap_group_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:780
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:790
+msgid "ldap_group_objectsid (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:793
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP group object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:805
msgid "ldap_group_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:818
msgid "ldap_group_nesting_level (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:821
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -2675,198 +2950,198 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
+#: sssd-ldap.5.xml:828
msgid "Default: 2"
msgstr "Пешфарз: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:834
msgid "ldap_netgroup_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
+#: sssd-ldap.5.xml:837
msgid "The object class of a netgroup entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
+#: sssd-ldap.5.xml:840
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:844
msgid "Default: nisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
+#: sssd-ldap.5.xml:850
msgid "ldap_netgroup_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
+#: sssd-ldap.5.xml:853
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:857
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
+#: sssd-ldap.5.xml:867
msgid "ldap_netgroup_member (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
+#: sssd-ldap.5.xml:870
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
+#: sssd-ldap.5.xml:874
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:878
msgid "Default: memberNisNetgroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:884
msgid "ldap_netgroup_triple (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:887
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
+#: sssd-ldap.5.xml:891 sssd-ldap.5.xml:924
msgid "This option is not available in IPA provider."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:894
msgid "Default: nisNetgroupTriple"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
+#: sssd-ldap.5.xml:900
msgid "ldap_netgroup_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
+#: sssd-ldap.5.xml:903
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
+#: sssd-ldap.5.xml:907
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
+#: sssd-ldap.5.xml:917
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:933
msgid "ldap_service_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:936
msgid "The object class of a service entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:939
msgid "Default: ipService"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:945
msgid "ldap_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:948
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
+#: sssd-ldap.5.xml:958
msgid "ldap_service_port (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
+#: sssd-ldap.5.xml:961
msgid "The LDAP attribute that contains the port managed by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
+#: sssd-ldap.5.xml:965
msgid "Default: ipServicePort"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
+#: sssd-ldap.5.xml:971
msgid "ldap_service_proto (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:974
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
+#: sssd-ldap.5.xml:978
msgid "Default: ipServiceProtocol"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
+#: sssd-ldap.5.xml:984
msgid "ldap_service_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:987
msgid "An optional base DN to restrict service searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
+#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1997 sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2035 sssd-ldap.5.xml:2098 sssd-ldap.5.xml:2120
+#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 sssd-ipa.5.xml:206
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
+#: sssd-ldap.5.xml:996 sssd-ldap.5.xml:2002 sssd-ldap.5.xml:2021
+#: sssd-ldap.5.xml:2040 sssd-ldap.5.xml:2103 sssd-ldap.5.xml:2125
#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
+#: sssd-ldap.5.xml:1003
msgid "ldap_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1006
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -2874,7 +3149,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
+#: sssd-ldap.5.xml:1012
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -2882,35 +3157,30 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
+#: sssd-ldap.5.xml:1018 sssd-ldap.5.xml:1060 sssd-ldap.5.xml:1075
msgid "Default: 6"
msgstr "Пешфарз: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1024
msgid "ldap_enumeration_search_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1027
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
"are returned (and offline mode is entered)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr ""
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1040
msgid "ldap_network_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1043
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -2921,12 +3191,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
+#: sssd-ldap.5.xml:1066
msgid "ldap_opt_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
+#: sssd-ldap.5.xml:1069
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -2934,12 +3204,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1081
msgid "ldap_connection_expire_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1084
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -2948,34 +3218,34 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
+#: sssd-ldap.5.xml:1092
msgid "Default: 900 (15 minutes)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1098
msgid "ldap_page_size (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
+#: sssd-ldap.5.xml:1101
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1106
msgid "Default: 1000"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
+#: sssd-ldap.5.xml:1112
+msgid "ldap_disable_paging (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1115
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -2983,27 +3253,50 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
+#: sssd-ldap.5.xml:1121
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1127
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
"requests being denied."
msgstr ""
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133 include/ldap_id_mapping.xml:184
+msgid "Default: False"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1139
+msgid "ldap_sasl_minssf (integer)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1142
+msgid ""
+"When communicating with an LDAP server using SASL, specify the minimum "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1148
+msgid "Default: Use the system default (usually specified by ldap.conf)"
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1155
msgid "ldap_deref_threshold (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1158
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3011,13 +3304,13 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1164
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1168
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3026,7 +3319,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
+#: sssd-ldap.5.xml:1176
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3034,26 +3327,26 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1189
msgid "ldap_tls_reqcert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
+#: sssd-ldap.5.xml:1192
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1198
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
+#: sssd-ldap.5.xml:1202
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3061,7 +3354,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1209
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3069,7 +3362,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1215
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3077,41 +3370,41 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1221
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1225
msgid "Default: hard"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
+#: sssd-ldap.5.xml:1231
msgid "ldap_tls_cacert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
+#: sssd-ldap.5.xml:1234
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
+#: sssd-ldap.5.xml:1239 sssd-ldap.5.xml:1257 sssd-ldap.5.xml:1298
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1246
msgid "ldap_tls_cacertdir (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1249
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3120,38 +3413,39 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1264
msgid "ldap_tls_cert (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1267
msgid "Specifies the file that contains the certificate for the client's key."
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1271 sssd-ldap.5.xml:1283 sssd-ldap.5.xml:1344
+#: sssd-ldap.5.xml:2058 sssd-ldap.5.xml:2085 sssd-krb5.5.xml:359
+#: include/ldap_id_mapping.xml:145 include/ldap_id_mapping.xml:156
msgid "Default: not set"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1277
msgid "ldap_tls_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1280
msgid "Specifies the file that contains the client's key."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
+#: sssd-ldap.5.xml:1289
msgid "ldap_tls_cipher_suite (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
+#: sssd-ldap.5.xml:1292
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3159,90 +3453,103 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1305
msgid "ldap_id_use_start_tls (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1308
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
-msgid "ldap_sasl_mech (string)"
+#: sssd-ldap.5.xml:1318
+msgid "ldap_id_mapping (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1321
msgid ""
-"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
-"supported."
+"Specifies that SSSD should attempt to map user and group IDs from the "
+"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
+"on ldap_user_uid_number and ldap_group_gid_number."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
+#: sssd-ldap.5.xml:1327
+msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1337
+msgid "ldap_sasl_mech (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1340
+msgid ""
+"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
+"supported."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1350
msgid "ldap_sasl_authid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
+#: sssd-ldap.5.xml:1353
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
+#: sssd-ldap.5.xml:1358
msgid "Default: host/machine.fqdn@REALM"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1364
msgid "ldap_sasl_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
+#: sssd-ldap.5.xml:1367
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
+#: sssd-ldap.5.xml:1372
msgid "Default: false;"
msgstr "Пешфарз: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1378
msgid "ldap_krb5_keytab (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
+#: sssd-ldap.5.xml:1381
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1384
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
+#: sssd-ldap.5.xml:1390
msgid "ldap_krb5_init_creds (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
+#: sssd-ldap.5.xml:1393
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3250,27 +3557,27 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1405
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1408
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
+#: sssd-ldap.5.xml:1412
msgid "Default: 86400 (24 hours)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1418 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1421 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -3282,7 +3589,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1433 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -3290,7 +3597,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1438 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -3298,53 +3605,53 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1447 sssd-ipa.5.xml:235 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1450
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
+#: sssd-ldap.5.xml:1453
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1459 sssd-ipa.5.xml:250 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1462
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
+#: sssd-ldap.5.xml:1474
msgid "ldap_pwd_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
+#: sssd-ldap.5.xml:1477
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1482
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
+#: sssd-ldap.5.xml:1487
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -3352,7 +3659,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
+#: sssd-ldap.5.xml:1493
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -3360,76 +3667,85 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1505
msgid "ldap_referrals (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1508
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
+#: sssd-ldap.5.xml:1512
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
msgstr ""
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1517
+msgid ""
+"Chasing referrals may incur a performance penalty in environments that use "
+"them heavily, a notable example is Microsoft Active Directory. If your setup "
+"does not in fact require the use of referrals, setting this option to false "
+"might bring a noticeable performance improvement."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1531
msgid "ldap_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1534
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1538
msgid "Default: ldap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1544
msgid "ldap_chpass_dns_service_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
+#: sssd-ldap.5.xml:1547
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1552
msgid "Default: not set, i.e. service discovery is disabled"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
+#: sssd-ldap.5.xml:1558
msgid "ldap_access_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1561
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
+"it will result in all users being denied access. Use access_provider = "
+"permit to change this default behavior."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:1571 sssd-ldap.5.xml:2061
msgid "Example:"
msgstr "Намуна:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
+#: sssd-ldap.5.xml:1574
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -3438,14 +3754,14 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1578
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
+#: sssd-ldap.5.xml:1583
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -3454,24 +3770,24 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1591 sssd-ldap.5.xml:1641
msgid "Default: Empty"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1597
msgid "ldap_account_expire_policy (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1600
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1604
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -3479,19 +3795,19 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1611
msgid "The following values are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1614
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1619
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -3500,7 +3816,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1626
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -3508,7 +3824,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
+#: sssd-ldap.5.xml:1632
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -3517,89 +3833,89 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
+#: sssd-ldap.5.xml:1647
msgid "ldap_access_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
+#: sssd-ldap.5.xml:1650
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1654
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1657
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1661
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
+#: sssd-ldap.5.xml:1666
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1670
msgid "Default: filter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1673
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1680
msgid "ldap_deref (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
+#: sssd-ldap.5.xml:1683
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1688
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1692
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1697
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1702
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1707
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -3616,212 +3932,212 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1718
msgid "SUDO OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1723
msgid "ldap_sudorule_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
+#: sssd-ldap.5.xml:1726
msgid "The object class of a sudo rule entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1729
msgid "Default: sudoRole"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1735
msgid "ldap_sudorule_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1738
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1748
msgid "ldap_sudorule_command (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1751
msgid "The LDAP attribute that corresponds to the command name."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
+#: sssd-ldap.5.xml:1755
msgid "Default: sudoCommand"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
+#: sssd-ldap.5.xml:1761
msgid "ldap_sudorule_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
+#: sssd-ldap.5.xml:1764
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
+#: sssd-ldap.5.xml:1769
msgid "Default: sudoHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1775
msgid "ldap_sudorule_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
+#: sssd-ldap.5.xml:1778
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
+#: sssd-ldap.5.xml:1782
msgid "Default: sudoUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1788
msgid "ldap_sudorule_option (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
+#: sssd-ldap.5.xml:1791
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
+#: sssd-ldap.5.xml:1795
msgid "Default: sudoOption"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
+#: sssd-ldap.5.xml:1801
msgid "ldap_sudorule_runasuser (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1804
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
+#: sssd-ldap.5.xml:1808
msgid "Default: sudoRunAsUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
+#: sssd-ldap.5.xml:1814
msgid "ldap_sudorule_runasgroup (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
+#: sssd-ldap.5.xml:1817
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
+#: sssd-ldap.5.xml:1821
msgid "Default: sudoRunAsGroup"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
+#: sssd-ldap.5.xml:1827
msgid "ldap_sudorule_notbefore (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
+#: sssd-ldap.5.xml:1830
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1834
msgid "Default: sudoNotBefore"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
+#: sssd-ldap.5.xml:1840
msgid "ldap_sudorule_notafter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
+#: sssd-ldap.5.xml:1843
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1848
msgid "Default: sudoNotAfter"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1854
msgid "ldap_sudorule_order (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1857
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
+#: sssd-ldap.5.xml:1861
msgid "Default: sudoOrder"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1867
msgid "ldap_sudo_refresh_enabled (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1870
msgid ""
"Enables periodical download of all sudo rules. The cache is purged before "
"each update."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1880
msgid "ldap_sudo_refresh_timeout (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
+#: sssd-ldap.5.xml:1883
msgid ""
"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1721
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1894
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -3830,76 +4146,76 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1904
msgid "AUTOFS OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
+#: sssd-ldap.5.xml:1906
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1913
msgid "ldap_autofs_map_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1916 sssd-ldap.5.xml:1942
msgid "The object class of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1919 sssd-ldap.5.xml:1946
msgid "Default: automountMap"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
+#: sssd-ldap.5.xml:1926
msgid "ldap_autofs_map_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
+#: sssd-ldap.5.xml:1929
msgid "The name of an automount map entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
+#: sssd-ldap.5.xml:1932
msgid "Default: ou"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1939
msgid "ldap_autofs_entry_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1953
msgid "ldap_autofs_entry_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
+#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:1970
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1967
msgid "ldap_autofs_entry_value (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1974
msgid "Default: automountInformation"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1911
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -3908,62 +4224,62 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
+#: sssd-ldap.5.xml:1983
msgid "ADVANCED OPTIONS"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
+#: sssd-ldap.5.xml:1990
msgid "ldap_netgroup_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
+#: sssd-ldap.5.xml:1993
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:2009
msgid "ldap_user_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
+#: sssd-ldap.5.xml:2012
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
+#: sssd-ldap.5.xml:2028
msgid "ldap_group_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:2031
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:2047
msgid "ldap_user_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
+#: sssd-ldap.5.xml:2050
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
+#: sssd-ldap.5.xml:2054
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2064
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -3971,55 +4287,55 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
+#: sssd-ldap.5.xml:2067
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2074
msgid "ldap_group_search_filter (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
+#: sssd-ldap.5.xml:2077
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2081
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2091
msgid "ldap_sudo_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2094
msgid ""
"An optional base DN to restrict sudo rules searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
+#: sssd-ldap.5.xml:2113
msgid "ldap_autofs_search_base (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
+#: sssd-ldap.5.xml:2116
msgid ""
"An optional base DN to restrict automounter searches to a specific subtree."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1985
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4027,7 +4343,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2147
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4035,7 +4351,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
+#: sssd-ldap.5.xml:2153
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4048,19 +4364,19 @@ msgid ""
" enumerate = true\n"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
+#. type: Content of: <refsect1><refsect2><para>
+#: sssd-ldap.5.xml:2152 sssd-simple.5.xml:134 sssd-ipa.5.xml:571
+#: sssd-krb5.5.xml:441 include/ldap_id_mapping.xml:63
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:2166 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr "ЭЗОҲҲО"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
+#: sssd-ldap.5.xml:2168
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4069,7 +4385,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
+#: sssd-ldap.5.xml:2179
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -4591,40 +4907,55 @@ msgid "Optional. Use the given string as search base for SELinux user maps."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:199
+msgid "ipa_subdomains_search_base (string)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:202
+msgid "Optional. Use the given string as search base for trusted domains."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:218 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:221 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
+#: sssd-ipa.5.xml:228
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
+#: sssd-ipa.5.xml:238
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:242
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
+#: sssd-ipa.5.xml:253
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -4632,12 +4963,12 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
+#: sssd-ipa.5.xml:266
msgid "ipa_hbac_refresh (integer)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
+#: sssd-ipa.5.xml:269
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -4645,17 +4976,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
+#: sssd-ipa.5.xml:276
msgid "Default: 5 (seconds)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
+#: sssd-ipa.5.xml:281
msgid "ipa_hbac_treat_deny_as (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
+#: sssd-ipa.5.xml:284
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -4664,313 +4995,313 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
+#: sssd-ipa.5.xml:293
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
+#: sssd-ipa.5.xml:298
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
+#: sssd-ipa.5.xml:303
msgid "Default: DENY_ALL"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
+#: sssd-ipa.5.xml:308
msgid "ipa_hbac_support_srchost (boolean)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:311
msgid ""
"If this is set to false, then srchost as given to SSSD by PAM will be "
"ignored."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
+#: sssd-ipa.5.xml:315
msgid ""
"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
+#: sssd-ipa.5.xml:326
msgid "ipa_automount_location (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
+#: sssd-ipa.5.xml:329
msgid "The automounter location this IPA client will be using"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
+#: sssd-ipa.5.xml:332
msgid "Default: The location named \"default\""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:338
msgid "ipa_netgroup_member_of (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
+#: sssd-ipa.5.xml:341
msgid "The LDAP attribute that lists netgroup's memberships."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
+#: sssd-ipa.5.xml:350
msgid "ipa_netgroup_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
+#: sssd-ipa.5.xml:353
msgid ""
"The LDAP attribute that lists system users and groups that are direct "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:358 sssd-ipa.5.xml:453
msgid "Default: memberUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
+#: sssd-ipa.5.xml:363
msgid "ipa_netgroup_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:366
msgid ""
"The LDAP attribute that lists hosts and host groups that are direct members "
"of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:370 sssd-ipa.5.xml:465
msgid "Default: memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:375
msgid "ipa_netgroup_member_ext_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
+#: sssd-ipa.5.xml:378
msgid ""
"The LDAP attribute that lists FQDNs of hosts and host groups that are "
"members of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
+#: sssd-ipa.5.xml:382
msgid "Default: externalHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
+#: sssd-ipa.5.xml:387
msgid "ipa_netgroup_domain (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:390
msgid "The LDAP attribute that contains NIS domain name of the netgroup."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
+#: sssd-ipa.5.xml:394
msgid "Default: nisDomainName"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
+#: sssd-ipa.5.xml:400
msgid "ipa_host_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
+#: sssd-ipa.5.xml:403 sssd-ipa.5.xml:426
msgid "The object class of a host entry in LDAP."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
+#: sssd-ipa.5.xml:406 sssd-ipa.5.xml:429
msgid "Default: ipaHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:411
msgid "ipa_host_fqdn (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
+#: sssd-ipa.5.xml:414
msgid "The LDAP attribute that contains FQDN of the host."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
+#: sssd-ipa.5.xml:417
msgid "Default: fqdn"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
+#: sssd-ipa.5.xml:423
msgid "ipa_selinux_usermap_object_class (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
+#: sssd-ipa.5.xml:434
msgid "ipa_selinux_usermap_name (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:437
msgid "The LDAP attribute that contains the name of SELinux usermap."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:446
msgid "ipa_selinux_usermap_member_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
+#: sssd-ipa.5.xml:449
msgid ""
"The LDAP attribute that contains all users / groups this rule match against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
+#: sssd-ipa.5.xml:458
msgid "ipa_selinux_usermap_member_host (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
+#: sssd-ipa.5.xml:461
msgid ""
"The LDAP attribute that contains all hosts / hostgroups this rule match "
"against."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:470
msgid "ipa_selinux_usermap_see_also (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:473
msgid ""
"The LDAP attribute that contains DN of HBAC rule which can be used for "
"matching instead of memberUser and memberHost"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
+#: sssd-ipa.5.xml:478
msgid "Default: seeAlso"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
+#: sssd-ipa.5.xml:483
msgid "ipa_selinux_usermap_selinux_user (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:486
msgid "The LDAP attribute that contains SELinux user string itself."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:490
msgid "Default: ipaSELinuxUser"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
+#: sssd-ipa.5.xml:495
msgid "ipa_selinux_usermap_enabled (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
+#: sssd-ipa.5.xml:498
msgid ""
"The LDAP attribute that contains whether or not is user map enabled for "
"usage."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:502
msgid "Default: ipaEnabledFlag"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
+#: sssd-ipa.5.xml:507
msgid "ipa_selinux_usermap_user_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:510
msgid "The LDAP attribute that contains user category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
+#: sssd-ipa.5.xml:514
msgid "Default: userCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:519
msgid "ipa_selinux_usermap_host_category (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:522
msgid "The LDAP attribute that contains host category such as 'all'."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
+#: sssd-ipa.5.xml:526
msgid "Default: hostCategory"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:531
msgid "ipa_selinux_usermap_uuid (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
+#: sssd-ipa.5.xml:534
msgid "The LDAP attribute that contains unique ID of the user map."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
+#: sssd-ipa.5.xml:538
msgid "Default: ipaUniqueID"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
+#: sssd-ipa.5.xml:543
msgid "ipa_host_ssh_public_key (string)"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
+#: sssd-ipa.5.xml:546
msgid "The LDAP attribute that contains the host's SSH public keys."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:550
msgid "Default: ipaSshPubKey"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:565
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -4978,7 +5309,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:572
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -4988,7 +5319,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
+#: sssd-ipa.5.xml:583
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -5065,11 +5396,6 @@ msgstr ""
msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Пешфарз: 0"
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:85
msgid "<option>-f</option>,<option>--debug-to-files</option>"
@@ -5450,7 +5776,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
+#: sss_useradd.8.xml:171
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -5924,7 +6250,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
+#: sss_groupadd.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6009,7 +6335,7 @@ msgid "Before actually deleting the user, terminate all his processes."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
+#: sss_userdel.8.xml:97
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6048,7 +6374,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
+#: sss_groupdel.8.xml:50
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6101,7 +6427,7 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
+#: sss_groupshow.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -6190,7 +6516,7 @@ msgid "The SELinux user for the user's login."
msgstr ""
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
+#: sss_usermod.8.xml:142
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -6301,12 +6627,60 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:108
msgid ""
-"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"<option>-s</option>,<option>--service</option> <replaceable>service</"
"replaceable>"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#: sss_cache.8.xml:113
+msgid "Invalidate specific service."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:119
+msgid "<option>-S</option>,<option>--services</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:123
+msgid ""
+"Invalidate all service records. This option overrides invalidation of "
+"specific service if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:130
+msgid ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:135
+msgid "Invalidate specific autofs maps."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:141
+msgid "<option>-A</option>,<option>--autofs-maps</option>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:145
+msgid ""
+"Invalidate all autofs maps. This option overrides invalidation of specific "
+"map if it was also set."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:152
+msgid ""
+"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+"replaceable>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:157
msgid "Restrict invalidation process only to a particular domain."
msgstr ""
@@ -6531,7 +6905,7 @@ msgid ""
msgstr ""
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
msgid "Configuration"
msgstr "Ҷӯрсозӣ"
@@ -6647,6 +7021,239 @@ msgid ""
"offline mode, and then attempts to reconnect every 30 seconds."
msgstr ""
+#. type: Content of: <refsect1><title>
+#: include/ldap_id_mapping.xml:2
+msgid "ID MAPPING"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:4
+msgid ""
+"The ID-mapping feature allows SSSD to act as a client of Active Directory "
+"without requiring administrators to extend user attributes to support POSIX "
+"attributes for user and group identifiers."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:9
+msgid ""
+"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
+"ignored. This is to avoid the possibility of conflicts between automatically-"
+"assigned and manually-assigned values. If you need to use manually-assigned "
+"values, ALL values must be manually-assigned."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:17
+msgid "Mapping Algorithm"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:19
+msgid ""
+"Active Directory provides an objectSID for every user and group object in "
+"the directory. This objectSID can be broken up into components that "
+"represent the Active Directory domain identity and the relative identifier "
+"(RID) of the user or group object."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:25
+msgid ""
+"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
+"into equally-sized component sections - called \"slices\"-. Each slice "
+"represents the space available to an Active Directory domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:31
+msgid ""
+"When a user or group entry for a particular domain is encountered for the "
+"first time, the SSSD allocates one of the available slices for that domain. "
+"In order to make this slice-assignment repeatable on different client "
+"machines, we select the slice based on the following algorithm:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:38
+msgid ""
+"The SID string is passed through the murmurhash3 algorithm to convert it to "
+"a 32-bit hashed value. We then take the modulus of this value with the total "
+"number of available slices to pick the slice."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:44
+msgid ""
+"NOTE: It is possible to encounter collisions in the hash and subsequent "
+"modulus. In these situations, we will select the next available slice, but "
+"it may not be possible to reproduce the same exact set of slices on other "
+"machines (since the order that they are encountered will determine their "
+"slice). In this situation, it is recommended to either switch to using "
+"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
+"configure a default domain to guarantee that at least one is always "
+"consistent. See <quote>Configuration</quote> for details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:59
+msgid ""
+"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><programlisting>
+#: include/ldap_id_mapping.xml:64
+#, no-wrap
+msgid ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:69
+msgid ""
+"The default configuration results in configuring 10,000 slices, each capable "
+"of holding up to 200,000 IDs, starting from 10,001 and going up to "
+"2,000,100,000. This should be sufficient for most deployments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><title>
+#: include/ldap_id_mapping.xml:75
+#, fuzzy
+#| msgid "Configuration"
+msgid "Advanced Configuration"
+msgstr "Ҷӯрсозӣ"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:78
+msgid "ldap_idmap_range_min (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:81
+msgid ""
+"Specifies the lower bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:85
+msgid ""
+"NOTE: This option is different from <quote>id_mn</quote> in that "
+"<quote>id_min</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_min</"
+"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:95
+#, fuzzy
+#| msgid "Default: 10"
+msgid "Default: 10001"
+msgstr "Пешфарз: 10"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:100
+msgid "ldap_idmap_range_max (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:103
+msgid ""
+"Specifies the upper bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:107
+msgid ""
+"NOTE: This option is different from <quote>id_max</quote> in that "
+"<quote>id_max</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_max</"
+"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:117
+#, fuzzy
+#| msgid "Default: 10"
+msgid "Default: 2000100000"
+msgstr "Пешфарз: 10"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:122
+msgid "ldap_idmap_range_size (integer)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:125
+msgid ""
+"Specifies the number of IDs available for each slice. If the range size "
+"does not divide evenly into the min and max values, it will create as many "
+"complete slices as it can."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:131
+#, fuzzy
+#| msgid "Default: 120"
+msgid "Default: 200000"
+msgstr "Пешфарз: 120"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:136
+msgid "ldap_idmap_default_domain_sid (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:139
+msgid ""
+"Specify the domain SID of the default domain. This will guarantee that this "
+"domain will always be assigned to slice zero in the ID map, bypassing the "
+"murmurhash algorithm described above."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:150
+msgid "ldap_idmap_default_domain (string)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:153
+msgid "Specify the name of the default domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:161
+msgid "ldap_idmap_autorid_compat (boolean)"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:164
+msgid ""
+"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
+"winbind's <quote>idmap_autorid</quote> algorithm."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:169
+msgid ""
+"When this option is configured, domains will be allocated starting with "
+"slice zero and increasing monatomically with each additional domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:174
+msgid ""
+"NOTE: This algorithm is non-deterministic (it depends on the order that "
+"users and groups are requested). If this mode is required for compatibility "
+"with machines running winbind, it is recommended to also use the "
+"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
+"least one domain is consistently allocated to slice zero."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-h</option>,<option>--help</option>"
@@ -6766,3 +7373,30 @@ msgid ""
"<emphasis> This is an experimental feature, please use http://fedorahosted."
"org/sssd to report any issues. </emphasis>"
msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/local.xml:2
+msgid "THE LOCAL DOMAIN"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:4
+msgid ""
+"In order to function correctly, a domain with <quote>id_provider=local</"
+"quote> must be created and the SSSD must be running."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:9
+msgid ""
+"The administrator might want to use the SSSD local users instead of "
+"traditional UNIX users in cases where the group nesting (see <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>) is needed. The local users are also useful for testing and "
+"development of the SSSD without having to deploy a full remote server. The "
+"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
+"local LDB storage to store users and groups."
+msgstr ""
+
+#~ msgid "Default: 7"
+#~ msgstr "Пешфарз: 7"
diff --git a/src/man/po/uk.po b/src/man/po/uk.po
index 164047f7..28b0a82c 100644
--- a/src/man/po/uk.po
+++ b/src/man/po/uk.po
@@ -9,9 +9,9 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
-"POT-Creation-Date: 2012-03-12 16:37-0300\n"
-"PO-Revision-Date: 2012-03-12 20:08+0000\n"
-"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
+"POT-Creation-Date: 2012-05-11 14:59-0300\n"
+"PO-Revision-Date: 2012-04-20 17:34+0000\n"
+"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian <trans-uk@lists.fedoraproject.org>\n"
"Language: uk\n"
"MIME-Version: 1.0\n"
@@ -129,18 +129,18 @@ msgstr ""
"replaceable>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1348 sssd-ldap.5.xml:2096
+#: sss_groupmod.8.xml:74 sssd.conf.5.xml:1585 sssd-ldap.5.xml:2177
#: pam_sss.8.xml:139 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
-#: sssd-ipa.5.xml:562 sssd.8.xml:191 sss_obfuscate.8.xml:103
-#: sss_useradd.8.xml:167 sssd-krb5.5.xml:451 sss_groupadd.8.xml:58
-#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
-#: sss_usermod.8.xml:138 sss_ssh_authorizedkeys.1.xml:96
+#: sssd-ipa.5.xml:581 sssd.8.xml:191 sss_obfuscate.8.xml:103
+#: sss_useradd.8.xml:169 sssd-krb5.5.xml:451 sss_groupadd.8.xml:60
+#: sss_userdel.8.xml:95 sss_groupdel.8.xml:48 sss_groupshow.8.xml:60
+#: sss_usermod.8.xml:140 sss_ssh_authorizedkeys.1.xml:96
#: sss_ssh_knownhostsproxy.1.xml:95
msgid "SEE ALSO"
msgstr "ТАКОЖ ПЕРЕГЛЯНЬТЕ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupmod.8.xml:74
+#: sss_groupmod.8.xml:76
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupadd</"
@@ -266,7 +266,7 @@ msgid "The [sssd] section"
msgstr "Розділ [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
-#: sssd.conf.5.xml:70 sssd.conf.5.xml:1194
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:1431
msgid "Section parameters"
msgstr "Параметри розділу"
@@ -300,17 +300,21 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#: sssd.conf.5.xml:88
msgid ""
-"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
+"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
+"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
+"\"with_ssh\">, ssh</phrase>"
msgstr ""
-"Підтримувані служби: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase>"
+"Підтримувані служби: nss, pam <phrase condition=\"with_sudo\">, sudo</"
+"phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase "
+"condition=\"with_ssh\">, ssh</phrase>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:94 sssd.conf.5.xml:257
+#: sssd.conf.5.xml:96 sssd.conf.5.xml:288
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:97 sssd.conf.5.xml:260
+#: sssd.conf.5.xml:99 sssd.conf.5.xml:291
msgid ""
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
@@ -320,17 +324,17 @@ msgstr ""
"визнання подальших спроб безнадійними."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:102 sssd.conf.5.xml:265
+#: sssd.conf.5.xml:104 sssd.conf.5.xml:296
msgid "Default: 3"
msgstr "Типове значення: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:107
+#: sssd.conf.5.xml:109
msgid "domains"
msgstr "domains"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:110
+#: sssd.conf.5.xml:112
msgid ""
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
@@ -344,12 +348,12 @@ msgstr ""
"до них запитів щодо даних."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:120
+#: sssd.conf.5.xml:122
msgid "re_expression (string)"
msgstr "re_expression (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:123
+#: sssd.conf.5.xml:125
msgid ""
"Regular expression that describes how to parse the string containing user "
"name and domain into these components."
@@ -358,7 +362,7 @@ msgstr ""
"доменом на його частини."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:127
+#: sssd.conf.5.xml:129
msgid ""
"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
@@ -369,7 +373,7 @@ msgstr ""
"домену — все після цього символу."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:132
+#: sssd.conf.5.xml:134
msgid ""
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
@@ -381,7 +385,7 @@ msgstr ""
"платформах з версією libpcre 7."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:139
+#: sssd.conf.5.xml:141
msgid ""
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P&lt;name&gt;) to label subpatterns."
@@ -391,12 +395,12 @@ msgstr ""
"підшаблонів."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:146
+#: sssd.conf.5.xml:148
msgid "full_name_format (string)"
msgstr "full_name_format (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:149
+#: sssd.conf.5.xml:151
msgid ""
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to translate "
@@ -407,17 +411,17 @@ msgstr ""
"кортежу (назва, домен) у назву належного формату."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:157
+#: sssd.conf.5.xml:159
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Типове значення: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:162
+#: sssd.conf.5.xml:164
msgid "try_inotify (boolean)"
msgstr "try_inotify (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:165
+#: sssd.conf.5.xml:167
msgid ""
"SSSD monitors the state of resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
@@ -430,7 +434,7 @@ msgstr ""
"виконуватиметься опитування resolv.conf кожні п’ять секунд."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:173
+#: sssd.conf.5.xml:175
msgid ""
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
@@ -440,7 +444,7 @@ msgstr ""
"рідкісних випадках слід встановити для цього параметра значення «false»."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:179
+#: sssd.conf.5.xml:181
msgid ""
"Default: true on platforms where inotify is supported. False on other "
"platforms."
@@ -449,7 +453,7 @@ msgstr ""
"інших платформах."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:183
+#: sssd.conf.5.xml:185
msgid ""
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
@@ -459,12 +463,12 @@ msgstr ""
"опитування файла."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:190
+#: sssd.conf.5.xml:192
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:193
+#: sssd.conf.5.xml:195
msgid ""
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"files."
@@ -473,7 +477,7 @@ msgstr ""
"Kerberos."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:197
+#: sssd.conf.5.xml:199
msgid ""
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
@@ -483,7 +487,7 @@ msgstr ""
"для кешу відтворення."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:203
+#: sssd.conf.5.xml:205
msgid ""
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
@@ -491,6 +495,29 @@ msgstr ""
"Типове значення: визначається дистрибутивом та вказується під час збирання. "
"(__LIBKRB5_DEFAULTS__, якщо не вказано)"
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:212
+#, fuzzy
+#| msgid "timeout (integer)"
+msgid "force_timeout (integer)"
+msgstr "timeout (ціле число)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:215
+msgid ""
+"If a service is not responding to ping checks (see the <quote>timeout</"
+"quote> option), it is first sent the SIGTERM signal that instructs it to "
+"quit gracefully. If the service does not terminate after "
+"<quote>force_timeout</quote> seconds, the monitor will forcibly shut it down "
+"by sending a SIGKILL signal."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:223 sssd.conf.5.xml:542 sssd.conf.5.xml:690
+#: sssd-ldap.5.xml:1034
+msgid "Default: 60"
+msgstr "Типове значення: 60"
+
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#: sssd.conf.5.xml:63
msgid ""
@@ -508,12 +535,12 @@ msgstr ""
"профілів. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:216
+#: sssd.conf.5.xml:234
msgid "SERVICES SECTIONS"
msgstr "РОЗДІЛИ СЛУЖБ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:218
+#: sssd.conf.5.xml:236
msgid ""
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
@@ -526,62 +553,83 @@ msgstr ""
"у розділі <quote>[nss]</quote>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:225
+#: sssd.conf.5.xml:243
msgid "General service configuration options"
msgstr "Загальні параметри налаштування служб"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:227
+#: sssd.conf.5.xml:245
msgid "These options can be used to configure any service."
msgstr "Цими параметрами можна скористатися для налаштування будь-яких служб."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:231
+#: sssd.conf.5.xml:249
msgid "debug_level (integer)"
msgstr "debug_level (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:235
+#: sssd.conf.5.xml:253
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:238
+#: sssd.conf.5.xml:256
msgid "Add a timestamp to the debug messages"
msgstr "Додати часову позначку до діагностичних повідомлень."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:241 sssd.conf.5.xml:393 sssd-ldap.5.xml:1328
-#: sssd-ldap.5.xml:1446 sssd-ipa.5.xml:206 sssd-ipa.5.xml:241
+#: sssd.conf.5.xml:259 sssd.conf.5.xml:408 sssd.conf.5.xml:793
+#: sssd-ldap.5.xml:1399 sssd-ldap.5.xml:1525 sssd-ipa.5.xml:225
+#: sssd-ipa.5.xml:260
msgid "Default: true"
msgstr "Типове значення: true"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:246
+#: sssd.conf.5.xml:264
msgid "debug_microseconds (bool)"
msgstr "debug_microseconds (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:249
+#: sssd.conf.5.xml:267
msgid "Add microseconds to the timestamp in debug messages"
msgstr ""
"Додати значення мікросекунд до часової позначки у діагностичних повідомленнях"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:252 sssd.conf.5.xml:658 sssd-ldap.5.xml:602
-#: sssd-ldap.5.xml:1260 sssd-ldap.5.xml:1397 sssd-ldap.5.xml:1795
-#: sssd-ipa.5.xml:123 sssd-ipa.5.xml:301 sssd-krb5.5.xml:235
-#: sssd-krb5.5.xml:269 sssd-krb5.5.xml:418
+#: sssd.conf.5.xml:270 sssd.conf.5.xml:740 sssd.conf.5.xml:1368
+#: sssd-ldap.5.xml:620 sssd-ldap.5.xml:1312 sssd-ldap.5.xml:1331
+#: sssd-ldap.5.xml:1468 sssd-ldap.5.xml:1874 sssd-ipa.5.xml:123
+#: sssd-ipa.5.xml:320 sssd-krb5.5.xml:235 sssd-krb5.5.xml:269
+#: sssd-krb5.5.xml:418
msgid "Default: false"
msgstr "Типове значення: false"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:270
+#: sssd.conf.5.xml:275
+msgid "timeout (integer)"
+msgstr "timeout (ціле число)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:278
+msgid ""
+"Timeout in seconds between heartbeats for this service. This is used to "
+"ensure that the process is alive and capable of answering requests."
+msgstr ""
+"Проміжок у секундах між циклами роботи цієї служби. Використовується для "
+"перевірки працездатності процесу та його змоги відповідати на запити."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:283 sssd-ldap.5.xml:1183
+msgid "Default: 10"
+msgstr "Типове значення: 10"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:301
msgid "fd_limit"
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:273
+#: sssd.conf.5.xml:304
msgid ""
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
@@ -591,39 +639,17 @@ msgid ""
msgstr ""
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:282
+#: sssd.conf.5.xml:313
msgid "Default: 8192 (or limits.conf \"hard\" limit)"
msgstr ""
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:287
-msgid "command (string)"
-msgstr "command (рядок)"
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:290
-msgid ""
-"By default, the executable representing this service is called <command>sssd_"
-"${service_name}</command>. This directive allows to change the executable "
-"name for the service. In the vast majority of configurations, the default "
-"values should suffice."
-msgstr ""
-"Типово, виконуваний файл служби називається <command>sssd_${service_name}</"
-"command>. За допомогою цієї інструкції ви можете змінити назву виконуваного "
-"файла служби. Здебільшого потреби у зміні типового значення не виникатиме."
-
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:298
-msgid "Default: <command>sssd_${service_name}</command>"
-msgstr "Типове значення: <command>sssd_${назва_служби}</command>"
-
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:306
+#: sssd.conf.5.xml:321
msgid "NSS configuration options"
msgstr "Параметри налаштування NSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:308
+#: sssd.conf.5.xml:323
msgid ""
"These options can be used to configure the Name Service Switch (NSS) service."
msgstr ""
@@ -631,12 +657,12 @@ msgstr ""
"Switch (NSS або перемикання служби визначення назв)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:313
+#: sssd.conf.5.xml:328
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:316
+#: sssd.conf.5.xml:331
msgid ""
"How many seconds should nss_sss cache enumerations (requests for info about "
"all users)"
@@ -645,17 +671,17 @@ msgstr ""
"кеші nss_sss у секундах"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:320
+#: sssd.conf.5.xml:335
msgid "Default: 120"
msgstr "Типове значення: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:325
+#: sssd.conf.5.xml:340
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:328
+#: sssd.conf.5.xml:343
msgid ""
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
@@ -666,7 +692,7 @@ msgstr ""
"entry_cache_timeout для домену період часу."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:334
+#: sssd.conf.5.xml:349
msgid ""
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
@@ -681,7 +707,7 @@ msgstr ""
"розблокування після оновлення кешу."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:344
+#: sssd.conf.5.xml:359
msgid ""
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
@@ -695,17 +721,17 @@ msgstr ""
"можливість."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:352
+#: sssd.conf.5.xml:367
msgid "Default: 50"
msgstr "Типове значення: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:357
+#: sssd.conf.5.xml:372
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:360
+#: sssd.conf.5.xml:375
msgid ""
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
@@ -716,17 +742,17 @@ msgstr ""
"даних, зокрема неіснуючих) перед повторним запитом до сервера обробки."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:366 sssd.conf.5.xml:686 sssd-krb5.5.xml:223
+#: sssd.conf.5.xml:381 sssd.conf.5.xml:768 sssd-krb5.5.xml:223
msgid "Default: 15"
msgstr "Типове значення: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:371
+#: sssd.conf.5.xml:386
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:374
+#: sssd.conf.5.xml:389
msgid ""
"Exclude certain users from being fetched from the sss NSS database. This is "
"particularly useful for system accounts. This option can also be set per-"
@@ -740,17 +766,17 @@ msgstr ""
"списку користувачами лише з певного домену."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:381
+#: sssd.conf.5.xml:396
msgid "Default: root"
msgstr "Типове значення: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:386
+#: sssd.conf.5.xml:401
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:389
+#: sssd.conf.5.xml:404
msgid ""
"If you want filtered user still be group members set this option to false."
msgstr ""
@@ -758,62 +784,62 @@ msgstr ""
"встановіть для цього параметра значення «false»."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:398
+#: sssd.conf.5.xml:413
msgid "override_homedir (string)"
msgstr "override_homedir (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:407 sssd-krb5.5.xml:166
+#: sssd.conf.5.xml:422 sssd-krb5.5.xml:166
msgid "%u"
msgstr "%u"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:408 sssd-krb5.5.xml:167
+#: sssd.conf.5.xml:423 sssd-krb5.5.xml:167
msgid "login name"
msgstr "ім'я користувача"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:411 sssd-krb5.5.xml:170
+#: sssd.conf.5.xml:426 sssd-krb5.5.xml:170
msgid "%U"
msgstr "%U"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:412
+#: sssd.conf.5.xml:427
msgid "UID number"
msgstr "номер UID"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:415 sssd-krb5.5.xml:188
+#: sssd.conf.5.xml:430 sssd-krb5.5.xml:188
msgid "%d"
msgstr "%d"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:416
+#: sssd.conf.5.xml:431
msgid "domain name"
msgstr "назва домену"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:419
+#: sssd.conf.5.xml:434
msgid "%f"
msgstr "%f"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:420
+#: sssd.conf.5.xml:435
msgid "fully qualified user name (user@domain)"
msgstr "ім’я користувача повністю (користувач@домен)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:423 sssd-krb5.5.xml:200
+#: sssd.conf.5.xml:438 sssd-krb5.5.xml:200
msgid "%%"
msgstr "%%"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:424 sssd-krb5.5.xml:201
+#: sssd.conf.5.xml:439 sssd-krb5.5.xml:201
msgid "a literal '%'"
msgstr "символ відсотків («%»)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:401
+#: sssd.conf.5.xml:416
msgid ""
"Override the user's home directory. You can either provide an absolute value "
"or a template. In the template, the following sequences are substituted: "
@@ -824,18 +850,43 @@ msgstr ""
"<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:430
+#: sssd.conf.5.xml:445
msgid "This option can also be set per-domain."
msgstr ""
"Значення цього параметра можна встановлювати для кожного з доменів окремо."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:435
+#: sssd.conf.5.xml:450
+#, fuzzy
+#| msgid "mail_dir (string)"
+msgid "fallback_homedir (string)"
+msgstr "mail_dir (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:453
+msgid ""
+"Set a default template for a user's home directory if one is not specified "
+"explicitly by the domain's data provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:458
+msgid ""
+"The available values for this option are the same as for override_homedir."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:462
+msgid "Default: not set (no substitution for unset home directories)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:468
msgid "allowed_shells (string)"
msgstr "allowed_shells (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:438
+#: sssd.conf.5.xml:471
msgid ""
"Restrict user shell to one of the listed values. The order of evaluation is:"
msgstr ""
@@ -843,13 +894,13 @@ msgstr ""
"визначення оболонки є таким:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:441
+#: sssd.conf.5.xml:474
msgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
msgstr ""
"1. Якщо оболонку вказано у <quote>/etc/shells</quote>, її буде використано."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:445
+#: sssd.conf.5.xml:478
msgid ""
"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
@@ -859,7 +910,7 @@ msgstr ""
"shell_fallback."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:450
+#: sssd.conf.5.xml:483
msgid ""
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
@@ -868,12 +919,12 @@ msgstr ""
"<quote>/etc/shells</quote>, буде використано оболонку nologin."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:455
+#: sssd.conf.5.xml:488
msgid "An empty string for shell is passed as-is to libc."
msgstr "Порожній рядок оболонки буде передано без обробки до libc."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:458
+#: sssd.conf.5.xml:491
msgid ""
"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
@@ -882,29 +933,29 @@ msgstr ""
"тобто у разі встановлення нової оболонки слід перезапустити SSSD."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:462
+#: sssd.conf.5.xml:495
msgid "Default: Not set. The user shell is automatically used."
msgstr ""
"Типове значення: не встановлено. Автоматично використовується оболонка "
"користувача."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:467
+#: sssd.conf.5.xml:500
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:470
+#: sssd.conf.5.xml:503
msgid "Replace any instance of these shells with the shell_fallback"
msgstr "Замінити всі записи цих оболонок на shell_fallback"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:475
+#: sssd.conf.5.xml:508
msgid "shell_fallback (string)"
msgstr "shell_fallback (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:478
+#: sssd.conf.5.xml:511
msgid ""
"The default shell to use if an allowed shell is not installed on the machine."
msgstr ""
@@ -912,17 +963,52 @@ msgstr ""
"системі не встановлено."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:482
+#: sssd.conf.5.xml:515
msgid "Default: /bin/sh"
msgstr "Типове значення: /bin/sh"
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:520
+#, fuzzy
+#| msgid "default_shell (string)"
+msgid "default_shell"
+msgstr "default_shell (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:523
+msgid ""
+"The default shell to use if the provider does not return one during lookup. "
+"This option supercedes any other shell options if it takes effect."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:528
+msgid ""
+"Default: not set (Return NULL if no shell is specified and rely on libc to "
+"substitute something sensible when necessary, usually /bin/sh)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:535 sssd.conf.5.xml:683
+#, fuzzy
+#| msgid "entry_negative_timeout (integer)"
+msgid "get_domains_timeout (int)"
+msgstr "entry_negative_timeout (ціле число)"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:538 sssd.conf.5.xml:686
+msgid ""
+"Specifies time in seconds for which the list of subdomains will be "
+"considered valid."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:489
+#: sssd.conf.5.xml:549
msgid "PAM configuration options"
msgstr "Параметри налаштування PAM"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:491
+#: sssd.conf.5.xml:551
msgid ""
"These options can be used to configure the Pluggable Authentication Module "
"(PAM) service."
@@ -931,12 +1017,12 @@ msgstr ""
"Authentication Module (PAM або блокового модуля розпізнавання)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:496
+#: sssd.conf.5.xml:556
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:499
+#: sssd.conf.5.xml:559
msgid ""
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
@@ -946,17 +1032,17 @@ msgstr ""
"входу до системи)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:504 sssd.conf.5.xml:517
+#: sssd.conf.5.xml:564 sssd.conf.5.xml:577
msgid "Default: 0 (No limit)"
msgstr "Типове значення: 0 (без обмежень)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:510
+#: sssd.conf.5.xml:570
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:513
+#: sssd.conf.5.xml:573
msgid ""
"If the authentication provider is offline, how many failed login attempts "
"are allowed."
@@ -965,12 +1051,12 @@ msgstr ""
"дозволену кількість спроб входу з визначенням помилкового пароля."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:523
+#: sssd.conf.5.xml:583
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:526
+#: sssd.conf.5.xml:586
msgid ""
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
@@ -980,7 +1066,7 @@ msgstr ""
"системи."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:531
+#: sssd.conf.5.xml:591
msgid ""
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
@@ -992,17 +1078,17 @@ msgstr ""
"увімкнути можливість автономного розпізнавання."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:537 sssd.conf.5.xml:590 sssd.conf.5.xml:1110
+#: sssd.conf.5.xml:597 sssd.conf.5.xml:650 sssd.conf.5.xml:1315
msgid "Default: 5"
msgstr "Типове значення: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:543
+#: sssd.conf.5.xml:603
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:546
+#: sssd.conf.5.xml:606
msgid ""
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
@@ -1011,43 +1097,43 @@ msgstr ""
"розпізнавання. Чим більшим є значення, тим більше повідомлень буде показано."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:551
+#: sssd.conf.5.xml:611
msgid "Currently sssd supports the following values:"
msgstr "У поточній версії sssd передбачено підтримку таких значень:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:554
+#: sssd.conf.5.xml:614
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis>: не показувати жодних повідомлень"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:557
+#: sssd.conf.5.xml:617
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis>: показувати лише важливі повідомлення"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:561
+#: sssd.conf.5.xml:621
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis>: показувати всі інформаційні повідомлення"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:564
+#: sssd.conf.5.xml:624
msgid "<emphasis>3</emphasis>: show all messages and debug information"
msgstr ""
"<emphasis>3</emphasis>: показувати всі повідомлення та діагностичні дані"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:568 sssd.8.xml:63
+#: sssd.conf.5.xml:628 sssd.8.xml:63
msgid "Default: 1"
msgstr "Типове значення: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:573
+#: sssd.conf.5.xml:633
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:576
+#: sssd.conf.5.xml:636
msgid ""
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
@@ -1058,7 +1144,7 @@ msgstr ""
"що розпізнавання виконується на основі найсвіжіших даних."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:582
+#: sssd.conf.5.xml:642
msgid ""
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
@@ -1072,18 +1158,18 @@ msgstr ""
"надання даних профілів."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:596
+#: sssd.conf.5.xml:656
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (ціле число)"
-#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:599
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:659 sssd.conf.5.xml:972
msgid "Display a warning N days before the password expires."
msgstr ""
"Показати попередження за вказану кількість днів перед завершенням дії пароля."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:602
+#: sssd.conf.5.xml:662
msgid ""
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
@@ -1093,28 +1179,42 @@ msgstr ""
"дії пароля. Якщо ці дані не буде виявлено, sssd не зможе показати "
"попередження."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:668 sssd.conf.5.xml:975
+msgid ""
+"If zero is set, then this filter is not applied, i.e. if the expiration "
+"warning was received from backend server, it will automatically be displayed."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:608
-msgid "Default: 7"
-msgstr "Типове значення: 7"
+#: sssd.conf.5.xml:673
+msgid ""
+"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
+"emphasis> for a particular domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:678 sssd.8.xml:79
+msgid "Default: 0"
+msgstr "Типове значення: 0"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:616
+#: sssd.conf.5.xml:698
msgid "SUDO configuration options"
msgstr "Параметри налаштування SUDO"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:618
+#: sssd.conf.5.xml:700
msgid "These options can be used to configure the sudo service."
msgstr "Цими параметрами можна скористатися для налаштування служби sudo."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:625
+#: sssd.conf.5.xml:707
msgid "sudo_cache_timeout (integer)"
msgstr "sudo_cache_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:628
+#: sssd.conf.5.xml:710
msgid ""
"For any sudo request that comes while SSSD is online, the SSSD will attempt "
"to update the cached rules in order to ensure that sudo has the latest "
@@ -1125,7 +1225,7 @@ msgstr ""
"використання у sudo найсвіжішого набору правил."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:634
+#: sssd.conf.5.xml:716
msgid ""
"The user may, however, run a couple of sudo commands successively, which "
"would trigger multiple LDAP requests. In order to speed up this use-case, "
@@ -1139,7 +1239,7 @@ msgstr ""
"відповідей."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:641
+#: sssd.conf.5.xml:723
msgid ""
"This option controls how long (in seconds) can the sudo service cache rules "
"for a user."
@@ -1148,17 +1248,17 @@ msgstr ""
"зберігання службою sudo паролів у кеші."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:645
+#: sssd.conf.5.xml:727
msgid "Default: 180"
msgstr "Типове значення: 180"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:650
+#: sssd.conf.5.xml:732
msgid "sudo_timed (bool)"
msgstr "sudo_timed (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:653
+#: sssd.conf.5.xml:735
msgid ""
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
@@ -1167,22 +1267,22 @@ msgstr ""
"призначені для визначення часових обмежень для записів sudoers."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:666
+#: sssd.conf.5.xml:748
msgid "AUTOFS configuration options"
msgstr "Параметри налаштування AUTOFS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:668
+#: sssd.conf.5.xml:750
msgid "These options can be used to configure the autofs service."
msgstr "Цими параметрами можна скористатися для налаштування служби autofs."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:676
+#: sssd.conf.5.xml:758
msgid "autofs_negative_timeout (integer)"
msgstr "autofs_negative_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:679
+#: sssd.conf.5.xml:761
msgid ""
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
@@ -1192,18 +1292,46 @@ msgstr ""
"негативні результати пошуку у кеші (тобто запити щодо некоректних записів у "
"базі даних, зокрема неіснуючих) перед повторним запитом до сервера обробки."
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:776
+#, fuzzy
+#| msgid "NSS configuration options"
+msgid "SSH configuration options"
+msgstr "Параметри налаштування NSS"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:778
+#, fuzzy
+#| msgid "These options can be used to configure the sudo service."
+msgid "These options can be used to configure the SSH service."
+msgstr "Цими параметрами можна скористатися для налаштування служби sudo."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:786
+#, fuzzy
+#| msgid "sss_ssh_knownhostsproxy"
+msgid "ssh_hash_known_hosts (bool)"
+msgstr "sss_ssh_knownhostsproxy"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:789
+msgid ""
+"Whether or not to hash host names and adresses in the managed known_hosts "
+"file."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:696
+#: sssd.conf.5.xml:803
msgid "DOMAIN SECTIONS"
msgstr "РОЗДІЛИ ДОМЕНІВ"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:703
+#: sssd.conf.5.xml:810
msgid "min_id,max_id (integer)"
msgstr "min_id,max_id (ціле значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:706
+#: sssd.conf.5.xml:813
msgid ""
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
@@ -1212,7 +1340,7 @@ msgstr ""
"відповідає цим обмеженням, його буде проігноровано."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:711
+#: sssd.conf.5.xml:818
msgid ""
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
@@ -1225,36 +1353,17 @@ msgstr ""
"основної групи і належать діапазону, буде виведено у звичайному режимі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:718
+#: sssd.conf.5.xml:825
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Типові значення: 1 для min_id, 0 (без обмежень) для max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:724
-msgid "timeout (integer)"
-msgstr "timeout (ціле число)"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:727
-msgid ""
-"Timeout in seconds between heartbeats for this domain. This is used to "
-"ensure that the backend process is alive and capable of answering requests."
-msgstr ""
-"Часовий проміжок у секундах для тактів цього домену. Використовується для "
-"забезпечення роботи процесу основного модуля, який має відповідати на запити."
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:732 sssd-ldap.5.xml:1131
-msgid "Default: 10"
-msgstr "Типове значення: 10"
-
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:738
+#: sssd.conf.5.xml:831
msgid "enumerate (bool)"
msgstr "enumerate (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:741
+#: sssd.conf.5.xml:834
msgid ""
"Determines if a domain can be enumerated. This parameter can have one of the "
"following values:"
@@ -1263,22 +1372,22 @@ msgstr ""
"значень:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:745
+#: sssd.conf.5.xml:838
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = користувачі і групи нумеруються"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:748
+#: sssd.conf.5.xml:841
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = не використовувати нумерацію для цього домену"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:751 sssd.conf.5.xml:856 sssd.conf.5.xml:910
+#: sssd.conf.5.xml:844 sssd.conf.5.xml:949 sssd.conf.5.xml:1031
msgid "Default: FALSE"
msgstr "Типове значення: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:754
+#: sssd.conf.5.xml:847
msgid ""
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
@@ -1293,7 +1402,7 @@ msgstr ""
"системи виконанням нумерації."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:764
+#: sssd.conf.5.xml:857
msgid ""
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
@@ -1303,7 +1412,7 @@ msgstr ""
"завершено."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:769
+#: sssd.conf.5.xml:862
msgid ""
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
@@ -1317,12 +1426,12 @@ msgstr ""
"відповідного використаного засобу обробки ідентифікаторів (id_provider)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:780
+#: sssd.conf.5.xml:873
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:783
+#: sssd.conf.5.xml:876
msgid ""
"How many seconds should nss_sss consider entries valid before asking the "
"backend again"
@@ -1331,17 +1440,17 @@ msgstr ""
"надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:787
+#: sssd.conf.5.xml:880
msgid "Default: 5400"
msgstr "Типове значення: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:793
+#: sssd.conf.5.xml:886
msgid "entry_cache_user_timeout (integer)"
msgstr "entry_cache_user_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:796
+#: sssd.conf.5.xml:889
msgid ""
"How many seconds should nss_sss consider user entries valid before asking "
"the backend again"
@@ -1350,18 +1459,18 @@ msgstr ""
"чинними, перш ніж надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:800 sssd.conf.5.xml:813 sssd.conf.5.xml:826
-#: sssd.conf.5.xml:839
+#: sssd.conf.5.xml:893 sssd.conf.5.xml:906 sssd.conf.5.xml:919
+#: sssd.conf.5.xml:932
msgid "Default: entry_cache_timeout"
msgstr "Типове значення: entry_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:806
+#: sssd.conf.5.xml:899
msgid "entry_cache_group_timeout (integer)"
msgstr "entry_cache_group_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:809
+#: sssd.conf.5.xml:902
msgid ""
"How many seconds should nss_sss consider group entries valid before asking "
"the backend again"
@@ -1370,12 +1479,12 @@ msgstr ""
"ніж надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:819
+#: sssd.conf.5.xml:912
msgid "entry_cache_netgroup_timeout (integer)"
msgstr "entry_cache_netgroup_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:822
+#: sssd.conf.5.xml:915
msgid ""
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
@@ -1384,12 +1493,12 @@ msgstr ""
"чинними, перш ніж надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:832
+#: sssd.conf.5.xml:925
msgid "entry_cache_service_timeout (integer)"
msgstr "entry_cache_service_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:835
+#: sssd.conf.5.xml:928
msgid ""
"How many seconds should nss_sss consider service entries valid before asking "
"the backend again"
@@ -1398,31 +1507,31 @@ msgstr ""
"ніж надсилати повторний запит до сервера"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:845
+#: sssd.conf.5.xml:938
msgid "cache_credentials (bool)"
msgstr "cache_credentials (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:848
+#: sssd.conf.5.xml:941
msgid "Determines if user credentials are also cached in the local LDB cache"
msgstr ""
"Визначає, чи слід також кешувати реєстраційні дані користувача у локальному "
"кеші LDB"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:852
+#: sssd.conf.5.xml:945
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
msgstr ""
"Реєстраційні дані користувача зберігаються у форматі хешу SHA512, а не у "
"форматі звичайного тексту"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:861
+#: sssd.conf.5.xml:954
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:864
+#: sssd.conf.5.xml:957
msgid ""
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
@@ -1435,47 +1544,85 @@ msgstr ""
"offline_credentials_expiration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:871
+#: sssd.conf.5.xml:964
msgid "Default: 0 (unlimited)"
msgstr "Типове значення: 0 (без обмежень)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:877
+#: sssd.conf.5.xml:969
+#, fuzzy
+#| msgid "pam_pwd_expiration_warning (integer)"
+msgid "pwd_expiration_warning (integer)"
+msgstr "pam_pwd_expiration_warning (ціле число)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:980
+#, fuzzy
+#| msgid ""
+#| "Please note that the backend server has to provide information about the "
+#| "expiration time of the password. If this information is missing, sssd "
+#| "cannot display a warning."
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning. Also an auth provider has to be configured for the "
+"backend."
+msgstr ""
+"Будь ласка, зауважте, що сервер обробки має надати дані щодо часу завершення "
+"дії пароля. Якщо ці дані не буде виявлено, sssd не зможе показати "
+"попередження."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:987
+#, fuzzy
+#| msgid "Default: memberHost"
+msgid "Default: 7 (Kerberos), 0 (LDAP)"
+msgstr "Типове значення: memberHost"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:993
msgid "id_provider (string)"
msgstr "id_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:880
+#: sssd.conf.5.xml:996
msgid "The Data Provider identity backend to use for this domain."
msgstr "Модуль надання даних щодо профілів користувачів для цього домену."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:884
+#: sssd.conf.5.xml:1000
msgid "Supported backends:"
msgstr "Підтримувані модулі:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:887
+#: sssd.conf.5.xml:1003
msgid "proxy: Support a legacy NSS provider"
msgstr "proxy: підтримка застарілого модуля надання даних NSS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:890
+#: sssd.conf.5.xml:1006
msgid "local: SSSD internal local provider"
msgstr "local: вбудований модуль надання локальних даних SSSD"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:893
+#: sssd.conf.5.xml:1009
msgid "ldap: LDAP provider"
msgstr "ldap: модуль надання даних LDAP"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:899
+#: sssd.conf.5.xml:1015
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:902
+#: sssd.conf.5.xml:1018
+msgid ""
+"Use the full name and domain (as formatted by the domain's full_name_format) "
+"as the user's login name reported to NSS."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1023
msgid ""
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
@@ -1488,12 +1635,12 @@ msgstr ""
"не покаже користувача, а <command>getent passwd test@LOCAL</command> покаже."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:915
+#: sssd.conf.5.xml:1036
msgid "auth_provider (string)"
msgstr "auth_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:918
+#: sssd.conf.5.xml:1039
msgid ""
"The authentication provider used for the domain. Supported auth providers "
"are:"
@@ -1502,7 +1649,7 @@ msgstr ""
"служб розпізнавання:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:922
+#: sssd.conf.5.xml:1043
msgid ""
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1514,7 +1661,7 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:929
+#: sssd.conf.5.xml:1050
msgid ""
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1526,18 +1673,18 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:936
+#: sssd.conf.5.xml:1057
msgid ""
"<quote>proxy</quote> for relaying authentication to some other PAM target."
msgstr "<quote>proxy</quote> — трансльоване розпізнавання у іншій системі PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:939
+#: sssd.conf.5.xml:1060
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "<quote>none</quote> — вимкнути розпізнавання повністю."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:942
+#: sssd.conf.5.xml:1063
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
@@ -1546,12 +1693,12 @@ msgstr ""
"спосіб встановлено і можлива обробка запитів щодо розпізнавання."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:948
+#: sssd.conf.5.xml:1069
msgid "access_provider (string)"
msgstr "access_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:951
+#: sssd.conf.5.xml:1072
msgid ""
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
@@ -1562,17 +1709,19 @@ msgstr ""
"Вбудованими програмами є:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:957
-msgid "<quote>permit</quote> always allow access."
-msgstr "<quote>permit</quote> — завжди дозволяти доступ."
+#: sssd.conf.5.xml:1078
+msgid ""
+"<quote>permit</quote> always allow access. It's the only permitted access "
+"provider for a local domain."
+msgstr ""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:960
+#: sssd.conf.5.xml:1081
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> — завжди забороняти доступ."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:963
+#: sssd.conf.5.xml:1084
msgid ""
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
@@ -1585,17 +1734,17 @@ msgstr ""
"refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:970
+#: sssd.conf.5.xml:1091
msgid "Default: <quote>permit</quote>"
msgstr "Типове значення: <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:975
+#: sssd.conf.5.xml:1096
msgid "chpass_provider (string)"
msgstr "chpass_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:978
+#: sssd.conf.5.xml:1099
msgid ""
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
@@ -1604,7 +1753,7 @@ msgstr ""
"підтримку таких систем зміни паролів:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:983
+#: sssd.conf.5.xml:1104
msgid ""
"<quote>ipa</quote> to change a password stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1616,7 +1765,7 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:991
+#: sssd.conf.5.xml:1112
msgid ""
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
@@ -1628,7 +1777,7 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:999
+#: sssd.conf.5.xml:1120
msgid ""
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1640,18 +1789,18 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1007
+#: sssd.conf.5.xml:1128
msgid ""
"<quote>proxy</quote> for relaying password changes to some other PAM target."
msgstr "<quote>proxy</quote> — трансльована зміна пароля у іншій системі PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1011
+#: sssd.conf.5.xml:1132
msgid "<quote>none</quote> disallows password changes explicitly."
msgstr "<quote>none</quote> — явно вимкнути можливість зміни пароля."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1014
+#: sssd.conf.5.xml:1135
msgid ""
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
@@ -1660,19 +1809,19 @@ msgstr ""
"цього параметра і якщо система здатна обробляти запити щодо паролів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1021
+#: sssd.conf.5.xml:1142
msgid "sudo_provider (string)"
msgstr "sudo_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1027
+#: sssd.conf.5.xml:1148
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
msgstr ""
"Служба SUDO, яку використано для цього домену. Серед підтримуваних служб "
"SUDO:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1031
+#: sssd.conf.5.xml:1152
msgid ""
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
@@ -1684,24 +1833,24 @@ msgstr ""
"citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1038
+#: sssd.conf.5.xml:1159
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr "<quote>none</quote> явним чином вимикає SUDO."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1041
+#: sssd.conf.5.xml:1162 sssd.conf.5.xml:1246 sssd.conf.5.xml:1271
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
msgstr ""
"Типове значення: використовується значення <quote>id_provider</quote>, якщо "
"його встановлено."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1047
+#: sssd.conf.5.xml:1168
msgid "session_provider (string)"
msgstr "session_provider (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1050
+#: sssd.conf.5.xml:1171
msgid ""
"The provider which should handle loading of session settings. Supported "
"session providers are:"
@@ -1710,7 +1859,7 @@ msgstr ""
"підтримуваних служб сеансів:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1055
+#: sssd.conf.5.xml:1176
msgid ""
"<quote>ipa</quote> to load session settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
@@ -1722,14 +1871,14 @@ msgstr ""
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1063
+#: sssd.conf.5.xml:1184
msgid "<quote>none</quote> disallows fetching session settings explicitly."
msgstr ""
"<quote>none</quote> явним чином забороняє отримання даних щодо параметрів "
"сеансу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1066
+#: sssd.conf.5.xml:1187
msgid ""
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"session loading requests."
@@ -1738,12 +1887,136 @@ msgstr ""
"спосіб встановлено і можлива обробка запитів щодо завантаження сеансу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1073
+#: sssd.conf.5.xml:1193
+#, fuzzy
+#| msgid "sudo_provider (string)"
+msgid "subdomains_provider (string)"
+msgstr "sudo_provider (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1196
+#, fuzzy
+#| msgid ""
+#| "The provider which should handle loading of session settings. Supported "
+#| "session providers are:"
+msgid ""
+"The provider which should handle fetching of subdomains. This value should "
+"be always the same as id_provider. Supported subdomain providers are:"
+msgstr ""
+"Служба, яка має обробляти завантаження параметрів сеансу. Серед "
+"підтримуваних служб сеансів:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1201
+#, fuzzy
+#| msgid ""
+#| "<quote>ipa</quote> to load session settings from an IPA server. See "
+#| "<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+#| "manvolnum> </citerefentry> for more information on configuring IPA."
+msgid ""
+"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+"<quote>ipa</quote> для завантаження параметрів сеансів з сервера IPA. "
+"Докладніші відомості щодо налаштування IPA викладено у довіднику з "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1209
+#, fuzzy
+#| msgid "<quote>none</quote> disallows fetching session settings explicitly."
+msgid "<quote>none</quote> disallows fetching subdomains explicitly."
+msgstr ""
+"<quote>none</quote> явним чином забороняє отримання даних щодо параметрів "
+"сеансу."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1212 sssd-ldap.5.xml:1499
+msgid "Default: none"
+msgstr "Типове значення: none"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1218
+msgid "autofs_provider (string)"
+msgstr "autofs_provider (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1224
+msgid ""
+"The autofs provider used for the domain. Supported autofs providers are:"
+msgstr ""
+"Служба autofs, яку використано для цього домену. Серед підтримуваних служб "
+"autofs:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1228
+msgid ""
+"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring LDAP."
+msgstr ""
+"<quote>ldap</quote> — завантажити карти, що зберігаються у LDAP. Докладніше "
+"про налаштовування LDAP можна дізнатися з довідки до <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1235
+msgid ""
+"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
+"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
+"citerefentry> for more information on configuring IPA."
+msgstr ""
+"<quote>ipa</quote> — завантажити карти, що зберігається на сервері IPA. "
+"Докладніші відомості щодо налаштування IPA викладено у довіднику з "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum></"
+"manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1243
+msgid "<quote>none</quote> disables autofs explicitly."
+msgstr "<quote>none</quote> вимикає autofs повністю."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1253
+msgid "hostid_provider (string)"
+msgstr "hostid_provider (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1256
+msgid ""
+"The provider used for retrieving host identity information. Supported "
+"hostid providers are:"
+msgstr ""
+"Засіб надання даних, який використовується для отримання даних щодо профілю "
+"вузла. Серед підтримуваних засобів надання hostid:"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1260
+msgid ""
+"<quote>ipa</quote> to load host identity stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
+"manvolnum> </citerefentry> for more information on configuring IPA."
+msgstr ""
+"<quote>ipa</quote> — завантажити профіль системи, що зберігається на сервері "
+"IPA. Докладніші відомості щодо налаштування IPA викладено у довіднику з "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum></"
+"manvolnum> </citerefentry>."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1268
+msgid "<quote>none</quote> disables hostid explicitly."
+msgstr "<quote>none</quote> вимикає hostid повністю."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1278
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1076
+#: sssd.conf.5.xml:1281
msgid ""
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
@@ -1752,48 +2025,48 @@ msgstr ""
"під час виконання пошуків у DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1080
+#: sssd.conf.5.xml:1285
msgid "Supported values:"
msgstr "Передбачено підтримку таких значень:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1083
+#: sssd.conf.5.xml:1288
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr ""
"ipv4_first: спробувати визначити адресу у форматі IPv4, у разі невдачі "
"спробувати формат IPv6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1086
+#: sssd.conf.5.xml:1291
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr ""
"ipv4_only: намагатися визначити назви вузлів лише у форматі адрес IPv4."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1089
+#: sssd.conf.5.xml:1294
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr ""
"ipv6_first: спробувати визначити адресу у форматі IPv6, у разі невдачі "
"спробувати формат IPv4"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1092
+#: sssd.conf.5.xml:1297
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr ""
"ipv6_only: намагатися визначити назви вузлів лише у форматі адрес IPv6."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1095
+#: sssd.conf.5.xml:1300
msgid "Default: ipv4_first"
msgstr "Типове значення: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1101
+#: sssd.conf.5.xml:1306
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1104
+#: sssd.conf.5.xml:1309
msgid ""
"Defines the amount of time (in seconds) to wait for a reply from the DNS "
"resolver before assuming that it is unreachable. If this timeout is reached, "
@@ -1804,12 +2077,12 @@ msgstr ""
"очікування буде перевищено, домен продовжуватиме роботу у автономному режимі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1116
+#: sssd.conf.5.xml:1321
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1119
+#: sssd.conf.5.xml:1324
msgid ""
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
@@ -1818,28 +2091,28 @@ msgstr ""
"частину запиту визначення служб DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1123
+#: sssd.conf.5.xml:1328
msgid "Default: Use the domain part of machine's hostname"
msgstr ""
"Типова поведінка: використовувати назву домену з назви вузла комп’ютера."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1129
+#: sssd.conf.5.xml:1334
msgid "override_gid (integer)"
msgstr "override_gid (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1132
+#: sssd.conf.5.xml:1337
msgid "Override the primary GID value with the one specified."
msgstr "Замірити значення основного GID на вказане."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1138
+#: sssd.conf.5.xml:1343
msgid "case_sensitive (boolean)"
msgstr "case_sensitive (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1141
+#: sssd.conf.5.xml:1346
msgid ""
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider."
@@ -1848,12 +2121,52 @@ msgstr ""
"версії підтримку передбачено лише для локальних надавачів даних."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1146
+#: sssd.conf.5.xml:1351
msgid "Default: True"
msgstr "Типове значення: True"
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1357
+msgid "proxy_fast_alias (boolean)"
+msgstr "proxy_fast_alias (булеве значення)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1360
+msgid ""
+"When a user or group is looked up by name in the proxy provider, a second "
+"lookup by ID is performed to \"canonicalize\" the name in case the requested "
+"name was an alias. Setting this option to true would cause the SSSD to "
+"perform the ID lookup from cache for performance reasons."
+msgstr ""
+"Під час пошуку запису користувача чи групи за назвою у системі надання даних "
+"переадресації виконується вторинний пошук за ідентифікатором з метою "
+"визначення «канонічної» форми назви, якщо результат знайдено за "
+"альтернативною назвою (псевдонімом). Встановлення для цього параметра "
+"значення «true» призведе до того, що SSSD виконуватиме пошук ідентифікатора "
+"у кеші, щоб пришвидшити надання результатів."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:1374
+#, fuzzy
+#| msgid "override_homedir (string)"
+msgid "subdomain_homedir (string)"
+msgstr "override_homedir (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1377
+msgid ""
+"Use this homedir as default value for all subdomains within this domain. See "
+"<emphasis>override_homedir</emphasis> for info about possible values."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:1382
+msgid ""
+"The value can be overridden by <emphasis>override_homedir</emphasis> option."
+msgstr ""
+
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:698
+#: sssd.conf.5.xml:805
msgid ""
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
@@ -1864,17 +2177,17 @@ msgstr ""
"quote> <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1158
+#: sssd.conf.5.xml:1395
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1161
+#: sssd.conf.5.xml:1398
msgid "The proxy target PAM proxies to."
msgstr "Комп’ютер, для якого виконує проксі-сервер PAM."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1164
+#: sssd.conf.5.xml:1401
msgid ""
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
@@ -1883,12 +2196,12 @@ msgstr ""
"налаштуваннями pam або створити нові і тут додати назву служби."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1172
+#: sssd.conf.5.xml:1409
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1175
+#: sssd.conf.5.xml:1412
msgid ""
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
@@ -1899,7 +2212,7 @@ msgstr ""
"наприклад _nss_files_getpwent."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1154
+#: sssd.conf.5.xml:1391
msgid ""
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"\"0\"/>"
@@ -1908,12 +2221,12 @@ msgstr ""
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
-#: sssd.conf.5.xml:1187
+#: sssd.conf.5.xml:1424
msgid "The local domain section"
msgstr "Розділ локального домену"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
-#: sssd.conf.5.xml:1189
+#: sssd.conf.5.xml:1426
msgid ""
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
@@ -1924,29 +2237,29 @@ msgstr ""
"використовує <replaceable>id_provider=local</replaceable>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1196
+#: sssd.conf.5.xml:1433
msgid "default_shell (string)"
msgstr "default_shell (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1199
+#: sssd.conf.5.xml:1436
msgid "The default shell for users created with SSSD userspace tools."
msgstr ""
"Типова оболонка для записів користувачів, створених за допомогою "
"інструментів простору користувачів SSSD."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1203
+#: sssd.conf.5.xml:1440
msgid "Default: <filename>/bin/bash</filename>"
msgstr "Типове значення: <filename>/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1208
+#: sssd.conf.5.xml:1445
msgid "base_directory (string)"
msgstr "base_directory (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1211
+#: sssd.conf.5.xml:1448
msgid ""
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
@@ -1955,17 +2268,17 @@ msgstr ""
"replaceable> і використовують отриману адресу як адресу домашнього каталогу."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1216
+#: sssd.conf.5.xml:1453
msgid "Default: <filename>/home</filename>"
msgstr "Типове значення: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1221
+#: sssd.conf.5.xml:1458
msgid "create_homedir (bool)"
msgstr "create_homedir (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1224
+#: sssd.conf.5.xml:1461
msgid ""
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
@@ -1974,17 +2287,17 @@ msgstr ""
"Може бути перевизначено з командного рядка."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1228 sssd.conf.5.xml:1240
+#: sssd.conf.5.xml:1465 sssd.conf.5.xml:1477
msgid "Default: TRUE"
msgstr "Типове значення: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1233
+#: sssd.conf.5.xml:1470
msgid "remove_homedir (bool)"
msgstr "remove_homedir (булівське значення)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1236
+#: sssd.conf.5.xml:1473
msgid ""
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
@@ -1993,12 +2306,12 @@ msgstr ""
"користувачів. Може бути перевизначено з командного рядка."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1245
+#: sssd.conf.5.xml:1482
msgid "homedir_umask (integer)"
msgstr "homedir_umask (ціле число)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1248
+#: sssd.conf.5.xml:1485
msgid ""
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
@@ -2009,17 +2322,17 @@ msgstr ""
"до щойно створеного домашнього каталогу."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1256
+#: sssd.conf.5.xml:1493
msgid "Default: 077"
msgstr "Типове значення: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1261
+#: sssd.conf.5.xml:1498
msgid "skel_dir (string)"
msgstr "skel_dir (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1264
+#: sssd.conf.5.xml:1501
msgid ""
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
@@ -2032,17 +2345,17 @@ msgstr ""
"<manvolnum>8</manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1274
+#: sssd.conf.5.xml:1511
msgid "Default: <filename>/etc/skel</filename>"
msgstr "Типове значення: <filename>/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1279
+#: sssd.conf.5.xml:1516
msgid "mail_dir (string)"
msgstr "mail_dir (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1282
+#: sssd.conf.5.xml:1519
msgid ""
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
@@ -2053,17 +2366,17 @@ msgstr ""
"каталог не вказано, буде використано типове значення."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1289
+#: sssd.conf.5.xml:1526
msgid "Default: <filename>/var/mail</filename>"
msgstr "Типове значення: <filename>/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
-#: sssd.conf.5.xml:1294
+#: sssd.conf.5.xml:1531
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (рядок)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1297
+#: sssd.conf.5.xml:1534
msgid ""
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
@@ -2074,18 +2387,18 @@ msgstr ""
"вилучається. Код виконання, повернутий програмою не обробляється."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
-#: sssd.conf.5.xml:1303
+#: sssd.conf.5.xml:1540
msgid "Default: None, no command is run"
msgstr "Типове значення: None, не виконувати жодних команд"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd.conf.5.xml:1313 sssd-ldap.5.xml:2064 sssd-simple.5.xml:126
-#: sssd-ipa.5.xml:544 sssd-krb5.5.xml:432
+#: sssd.conf.5.xml:1550 sssd-ldap.5.xml:2145 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:563 sssd-krb5.5.xml:432
msgid "EXAMPLE"
msgstr "ПРИКЛАД"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd.conf.5.xml:1319
+#: sssd.conf.5.xml:1556
#, no-wrap
msgid ""
"[sssd]\n"
@@ -2139,7 +2452,7 @@ msgstr ""
"enumerate = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1315
+#: sssd.conf.5.xml:1552
msgid ""
"The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
@@ -2151,7 +2464,7 @@ msgstr ""
"щодо налаштування доменів. <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd.conf.5.xml:1350
+#: sssd.conf.5.xml:1587
msgid ""
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -2410,16 +2723,28 @@ msgstr "ldap_schema (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#: sssd-ldap.5.xml:161
+#, fuzzy
+#| msgid ""
+#| "Specifies the Schema Type in use on the target LDAP server. Depending on "
+#| "the selected schema, the default attribute names retrieved from the "
+#| "servers may vary. The way that some attributes are handled may also "
+#| "differ. Three schema types are currently supported: rfc2307 rfc2307bis "
+#| "IPA The main difference between these schema types is how group "
+#| "memberships are recorded in the server. With rfc2307, group members are "
+#| "listed by name in the <emphasis>memberUid</emphasis> attribute. With "
+#| "rfc2307bis and IPA, group members are listed by DN and stored in the "
+#| "<emphasis>member</emphasis> attribute."
msgid ""
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
-"may vary. The way that some attributes are handled may also differ. Three "
-"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
+"may vary. The way that some attributes are handled may also differ. Four "
+"schema types are currently supported: rfc2307 rfc2307bis IPA AD The main "
"difference between these schema types is how group memberships are recorded "
"in the server. With rfc2307, group members are listed by name in the "
"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
"members are listed by DN and stored in the <emphasis>member</emphasis> "
-"attribute."
+"attribute. The AD schema type sets the attributes to correspond with Active "
+"Directory 2008r2 values."
msgstr ""
"Визначає тип схеми, який використовується на сервері LDAP призначення. "
"Залежно від вибраної схеми може змінюватися перелік типових назв атрибутів, "
@@ -2432,59 +2757,59 @@ msgstr ""
"сам список зберігатиметься у атрибуті <emphasis>member</emphasis>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:180
+#: sssd-ldap.5.xml:183
msgid "Default: rfc2307"
msgstr "Типове значення: rfc2307"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:186
+#: sssd-ldap.5.xml:189
msgid "ldap_default_bind_dn (string)"
msgstr "ldap_default_bind_dn (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:189
+#: sssd-ldap.5.xml:192
msgid "The default bind DN to use for performing LDAP operations."
msgstr ""
"Типова назва домену прив’язки, яку слід використовувати для виконання дій "
"LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:196
+#: sssd-ldap.5.xml:199
msgid "ldap_default_authtok_type (string)"
msgstr "ldap_default_authtok_type (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:199
+#: sssd-ldap.5.xml:202
msgid "The type of the authentication token of the default bind DN."
msgstr "Тип розпізнавання для типової назви сервера прив’язки."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:203
+#: sssd-ldap.5.xml:206
msgid "The two mechanisms currently supported are:"
msgstr "У поточній версії передбачено підтримку двох механізмів:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:206
+#: sssd-ldap.5.xml:209
msgid "password"
msgstr "password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:209
+#: sssd-ldap.5.xml:212
msgid "obfuscated_password"
msgstr "obfuscated_password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:212
+#: sssd-ldap.5.xml:215
msgid "Default: password"
msgstr "Типове значення: password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:218
+#: sssd-ldap.5.xml:221
msgid "ldap_default_authtok (string)"
msgstr "ldap_default_authtok (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:221
+#: sssd-ldap.5.xml:224
msgid ""
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
@@ -2493,133 +2818,155 @@ msgstr ""
"передбачено підтримку лише паролів у форматі звичайного тексту."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:228
+#: sssd-ldap.5.xml:231
msgid "ldap_user_object_class (string)"
msgstr "ldap_user_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:231
+#: sssd-ldap.5.xml:234
msgid "The object class of a user entry in LDAP."
msgstr "Клас об’єктів запису користувача у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:234
+#: sssd-ldap.5.xml:237
msgid "Default: posixAccount"
msgstr "Типове значення: posixAccount"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:240
+#: sssd-ldap.5.xml:243
msgid "ldap_user_name (string)"
msgstr "ldap_user_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:243
+#: sssd-ldap.5.xml:246
msgid "The LDAP attribute that corresponds to the user's login name."
msgstr "Атрибут LDAP, що відповідає назві облікового запису користувача."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:247
+#: sssd-ldap.5.xml:250
msgid "Default: uid"
msgstr "Типове значення: uid"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:253
+#: sssd-ldap.5.xml:256
msgid "ldap_user_uid_number (string)"
msgstr "ldap_user_uid_number (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:256
+#: sssd-ldap.5.xml:259
msgid "The LDAP attribute that corresponds to the user's id."
msgstr "Атрибут LDAP, що відповідає ідентифікатору користувача."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:260
+#: sssd-ldap.5.xml:263
msgid "Default: uidNumber"
msgstr "Типове значення: uidNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:266
+#: sssd-ldap.5.xml:269
msgid "ldap_user_gid_number (string)"
msgstr "ldap_user_gid_number (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:269
+#: sssd-ldap.5.xml:272
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr "Атрибут LDAP, що відповідає ідентифікатору основної групи користувача."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:273 sssd-ldap.5.xml:740
+#: sssd-ldap.5.xml:276 sssd-ldap.5.xml:758
msgid "Default: gidNumber"
msgstr "Типове значення: gidNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:279
+#: sssd-ldap.5.xml:282
msgid "ldap_user_gecos (string)"
msgstr "ldap_user_gecos (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:282
+#: sssd-ldap.5.xml:285
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr "Атрибут LDAP, що відповідає полю gecos користувача."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:286
+#: sssd-ldap.5.xml:289
msgid "Default: gecos"
msgstr "Типове значення: gecos"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:292
+#: sssd-ldap.5.xml:295
msgid "ldap_user_home_directory (string)"
msgstr "ldap_user_home_directory (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:295
+#: sssd-ldap.5.xml:298
msgid "The LDAP attribute that contains the name of the user's home directory."
msgstr "Атрибут LDAP, що містить назву домашнього каталогу користувача."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:299
+#: sssd-ldap.5.xml:302
msgid "Default: homeDirectory"
msgstr "Типове значення: homeDirectory"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:305
+#: sssd-ldap.5.xml:308
msgid "ldap_user_shell (string)"
msgstr "ldap_user_shell (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:308
+#: sssd-ldap.5.xml:311
msgid "The LDAP attribute that contains the path to the user's default shell."
msgstr ""
"Атрибут LDAP, що містить шлях до типової командної оболонки користувача."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:312
+#: sssd-ldap.5.xml:315
msgid "Default: loginShell"
msgstr "Типове значення: loginShell"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:318
+#: sssd-ldap.5.xml:321
msgid "ldap_user_uuid (string)"
msgstr "ldap_user_uuid (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:321
+#: sssd-ldap.5.xml:324
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта користувача LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:325 sssd-ldap.5.xml:766 sssd-ldap.5.xml:878
+#: sssd-ldap.5.xml:328 sssd-ldap.5.xml:784 sssd-ldap.5.xml:911
msgid "Default: nsUniqueId"
msgstr "Типове значення: nsUniqueId"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:331
+#: sssd-ldap.5.xml:334
+#, fuzzy
+#| msgid "ldap_user_object_class (string)"
+msgid "ldap_user_objectsid (string)"
+msgstr "ldap_user_object_class (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:337
+#, fuzzy
+#| msgid ""
+#| "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP user object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта користувача LDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:342 sssd-ldap.5.xml:798
+msgid "Default: objectSid for ActiveDirectory, not set for other servers."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:349
msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:334 sssd-ldap.5.xml:775 sssd-ldap.5.xml:887
+#: sssd-ldap.5.xml:352 sssd-ldap.5.xml:808 sssd-ldap.5.xml:920
msgid ""
"The LDAP attribute that contains timestamp of the last modification of the "
"parent object."
@@ -2628,17 +2975,17 @@ msgstr ""
"об’єкта."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:338 sssd-ldap.5.xml:779 sssd-ldap.5.xml:894
+#: sssd-ldap.5.xml:356 sssd-ldap.5.xml:812 sssd-ldap.5.xml:927
msgid "Default: modifyTimestamp"
msgstr "Типове значення: modifyTimestamp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:344
+#: sssd-ldap.5.xml:362
msgid "ldap_user_shadow_last_change (string)"
msgstr "ldap_user_shadow_last_change (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:347
+#: sssd-ldap.5.xml:365
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2651,17 +2998,17 @@ msgstr ""
"citerefentry> (дати останньої зміни пароля)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:357
+#: sssd-ldap.5.xml:375
msgid "Default: shadowLastChange"
msgstr "Типове значення: shadowLastChange"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:363
+#: sssd-ldap.5.xml:381
msgid "ldap_user_shadow_min (string)"
msgstr "ldap_user_shadow_min (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:366
+#: sssd-ldap.5.xml:384
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2674,17 +3021,17 @@ msgstr ""
"citerefentry> (мінімального віку пароля)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:375
+#: sssd-ldap.5.xml:393
msgid "Default: shadowMin"
msgstr "Типове значення: shadowMin"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:381
+#: sssd-ldap.5.xml:399
msgid "ldap_user_shadow_max (string)"
msgstr "ldap_user_shadow_max (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:384
+#: sssd-ldap.5.xml:402
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2697,17 +3044,17 @@ msgstr ""
"citerefentry> (максимального віку пароля)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:393
+#: sssd-ldap.5.xml:411
msgid "Default: shadowMax"
msgstr "Типове значення: shadowMax"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:399
+#: sssd-ldap.5.xml:417
msgid "ldap_user_shadow_warning (string)"
msgstr "ldap_user_shadow_warning (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:402
+#: sssd-ldap.5.xml:420
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2720,17 +3067,17 @@ msgstr ""
"citerefentry> (проміжку попередження щодо пароля)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:412
+#: sssd-ldap.5.xml:430
msgid "Default: shadowWarning"
msgstr "Типове значення: shadowWarning"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:418
+#: sssd-ldap.5.xml:436
msgid "ldap_user_shadow_inactive (string)"
msgstr "ldap_user_shadow_inactive (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:421
+#: sssd-ldap.5.xml:439
msgid ""
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
@@ -2743,17 +3090,17 @@ msgstr ""
"citerefentry> (тривалості періоду невикористання пароля)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:431
+#: sssd-ldap.5.xml:449
msgid "Default: shadowInactive"
msgstr "Типове значення: shadowInactive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:437
+#: sssd-ldap.5.xml:455
msgid "ldap_user_shadow_expire (string)"
msgstr "ldap_user_shadow_expire (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:440
+#: sssd-ldap.5.xml:458
msgid ""
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
"parameter contains the name of an LDAP attribute corresponding to its "
@@ -2767,17 +3114,17 @@ msgstr ""
"строку дії пароля)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:450
+#: sssd-ldap.5.xml:468
msgid "Default: shadowExpire"
msgstr "Типове значення: shadowExpire"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:456
+#: sssd-ldap.5.xml:474
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr "ldap_user_krb_last_pwd_change (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:459
+#: sssd-ldap.5.xml:477
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
@@ -2788,17 +3135,17 @@ msgstr ""
"у kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:465
+#: sssd-ldap.5.xml:483
msgid "Default: krbLastPwdChange"
msgstr "Типове значення: krbLastPwdChange"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:471
+#: sssd-ldap.5.xml:489
msgid "ldap_user_krb_password_expiration (string)"
msgstr "ldap_user_krb_password_expiration (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:474
+#: sssd-ldap.5.xml:492
msgid ""
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
@@ -2808,17 +3155,17 @@ msgstr ""
"поточного пароля."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:480
+#: sssd-ldap.5.xml:498
msgid "Default: krbPasswordExpiration"
msgstr "Типове значення: krbPasswordExpiration"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:486
+#: sssd-ldap.5.xml:504
msgid "ldap_user_ad_account_expires (string)"
msgstr "ldap_user_ad_account_expires (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:489
+#: sssd-ldap.5.xml:507
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
@@ -2828,17 +3175,17 @@ msgstr ""
"облікового запису."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:494
+#: sssd-ldap.5.xml:512
msgid "Default: accountExpires"
msgstr "Типове значення: accountExpires"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:500
+#: sssd-ldap.5.xml:518
msgid "ldap_user_ad_user_account_control (string)"
msgstr "ldap_user_ad_user_account_control (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:503
+#: sssd-ldap.5.xml:521
msgid ""
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
@@ -2848,17 +3195,17 @@ msgstr ""
"облікового запису користувача."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:508
+#: sssd-ldap.5.xml:526
msgid "Default: userAccountControl"
msgstr "Типове значення: userAccountControl"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:514
+#: sssd-ldap.5.xml:532
msgid "ldap_ns_account_lock (string)"
msgstr "ldap_ns_account_lock (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:517
+#: sssd-ldap.5.xml:535
msgid ""
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
@@ -2867,17 +3214,17 @@ msgstr ""
"цей параметр визначає, заборонено чи дозволено доступ."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:522
+#: sssd-ldap.5.xml:540
msgid "Default: nsAccountLock"
msgstr "Типове значення: nsAccountLock"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:528
+#: sssd-ldap.5.xml:546
msgid "ldap_user_nds_login_disabled (string)"
msgstr "ldap_user_nds_login_disabled (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:531
+#: sssd-ldap.5.xml:549
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines if "
"access is allowed or not."
@@ -2886,17 +3233,17 @@ msgstr ""
"чи заборонено доступ."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:535 sssd-ldap.5.xml:549
+#: sssd-ldap.5.xml:553 sssd-ldap.5.xml:567
msgid "Default: loginDisabled"
msgstr "Типове значення: loginDisabled"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:541
+#: sssd-ldap.5.xml:559
msgid "ldap_user_nds_login_expiration_time (string)"
msgstr "ldap_user_nds_login_expiration_time (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:544
+#: sssd-ldap.5.xml:562
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines until "
"which date access is granted."
@@ -2905,12 +3252,12 @@ msgstr ""
"якої надано доступ."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:555
+#: sssd-ldap.5.xml:573
msgid "ldap_user_nds_login_allowed_time_map (string)"
msgstr "ldap_user_nds_login_allowed_time_map (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:558
+#: sssd-ldap.5.xml:576
msgid ""
"When using ldap_account_expire_policy=nds, this attribute determines the "
"hours of a day in a week when access is granted."
@@ -2919,17 +3266,17 @@ msgstr ""
"тижня, коли надається доступ."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:563
+#: sssd-ldap.5.xml:581
msgid "Default: loginAllowedTimeMap"
msgstr "Типове значення: loginAllowedTimeMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:569
+#: sssd-ldap.5.xml:587
msgid "ldap_user_principal (string)"
msgstr "ldap_user_principal (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:572
+#: sssd-ldap.5.xml:590
msgid ""
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"(UPN)."
@@ -2937,27 +3284,27 @@ msgstr ""
"Атрибут LDAP, що містить Kerberos User Principal Name (UPN) користувача."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:576
+#: sssd-ldap.5.xml:594
msgid "Default: krbPrincipalName"
msgstr "Типове значення: krbPrincipalName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:582
+#: sssd-ldap.5.xml:600
msgid "ldap_user_ssh_public_key (string)"
msgstr "ldap_user_ssh_public_key (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:585
+#: sssd-ldap.5.xml:603
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr "Атрибут LDAP, який містить відкриті ключі SSH користувача."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:592
+#: sssd-ldap.5.xml:610
msgid "ldap_force_upper_case_realm (boolean)"
msgstr "ldap_force_upper_case_realm (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:595
+#: sssd-ldap.5.xml:613
msgid ""
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
@@ -2971,12 +3318,12 @@ msgstr ""
"області у верхньому регістрі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:608
+#: sssd-ldap.5.xml:626
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr "ldap_enumeration_refresh_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:611
+#: sssd-ldap.5.xml:629
msgid ""
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"enumerated records."
@@ -2985,17 +3332,17 @@ msgstr ""
"свого кешу нумерованих записів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:616 sssd-ldap.5.xml:1808
+#: sssd-ldap.5.xml:634 sssd-ldap.5.xml:1887
msgid "Default: 300"
msgstr "Типове значення: 300"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:622
+#: sssd-ldap.5.xml:640
msgid "ldap_purge_cache_timeout (integer)"
msgstr "ldap_purge_cache_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:625
+#: sssd-ldap.5.xml:643
msgid ""
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
@@ -3006,55 +3353,55 @@ msgstr ""
"цих записів з метою економії місця."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:631
+#: sssd-ldap.5.xml:649
msgid "Setting this option to zero will disable the cache cleanup operation."
msgstr ""
"Встановлення нульового значення цього параметра вимкне дію з очищення кешу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:635
+#: sssd-ldap.5.xml:653
msgid "Default: 10800 (12 hours)"
msgstr "Типове значення: 10800 (12 годин)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:641
+#: sssd-ldap.5.xml:659
msgid "ldap_user_fullname (string)"
msgstr "ldap_user_fullname (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:644
+#: sssd-ldap.5.xml:662
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "Атрибут LDAP, що відповідає повному імені користувача."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:648 sssd-ldap.5.xml:727 sssd-ldap.5.xml:828
-#: sssd-ldap.5.xml:919 sssd-ldap.5.xml:1663 sssd-ldap.5.xml:1881
-#: sssd-ipa.5.xml:422
+#: sssd-ldap.5.xml:666 sssd-ldap.5.xml:745 sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:952 sssd-ldap.5.xml:1742 sssd-ldap.5.xml:1960
+#: sssd-ipa.5.xml:441
msgid "Default: cn"
msgstr "Типове значення: cn"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:654
+#: sssd-ldap.5.xml:672
msgid "ldap_user_member_of (string)"
msgstr "ldap_user_member_of (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:657
+#: sssd-ldap.5.xml:675
msgid "The LDAP attribute that lists the user's group memberships."
msgstr "Атрибут LDAP зі списком груп, у яких бере участь користувач."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:661 sssd-ipa.5.xml:326
+#: sssd-ldap.5.xml:679 sssd-ipa.5.xml:345
msgid "Default: memberOf"
msgstr "Типове значення: memberOf"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:667
+#: sssd-ldap.5.xml:685
msgid "ldap_user_authorized_service (string)"
msgstr "ldap_user_authorized_service (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:670
+#: sssd-ldap.5.xml:688
msgid ""
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
@@ -3065,7 +3412,7 @@ msgstr ""
"LDAP для визначення прав доступу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:677
+#: sssd-ldap.5.xml:695
msgid ""
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
@@ -3074,17 +3421,17 @@ msgstr ""
"(svc) і нарешті загальні дозволи або allow_all (*)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:682
+#: sssd-ldap.5.xml:700
msgid "Default: authorizedService"
msgstr "Типове значення: authorizedService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:688
+#: sssd-ldap.5.xml:706
msgid "ldap_user_authorized_host (string)"
msgstr "ldap_user_authorized_host (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:691
+#: sssd-ldap.5.xml:709
msgid ""
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
@@ -3095,7 +3442,7 @@ msgstr ""
"доступу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:697
+#: sssd-ldap.5.xml:715
msgid ""
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
@@ -3104,82 +3451,99 @@ msgstr ""
"(host) і нарешті загальні дозволи або allow_all (*)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:702
+#: sssd-ldap.5.xml:720
msgid "Default: host"
msgstr "Типове значення: host"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:708
+#: sssd-ldap.5.xml:726
msgid "ldap_group_object_class (string)"
msgstr "ldap_group_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:711
+#: sssd-ldap.5.xml:729
msgid "The object class of a group entry in LDAP."
msgstr "Клас об’єктів запису групи у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:714
+#: sssd-ldap.5.xml:732
msgid "Default: posixGroup"
msgstr "Типове значення: posixGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:720
+#: sssd-ldap.5.xml:738
msgid "ldap_group_name (string)"
msgstr "ldap_group_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:723
+#: sssd-ldap.5.xml:741
msgid "The LDAP attribute that corresponds to the group name."
msgstr "Атрибут LDAP, що відповідає назві групи."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:733
+#: sssd-ldap.5.xml:751
msgid "ldap_group_gid_number (string)"
msgstr "ldap_group_gid_number (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:736
+#: sssd-ldap.5.xml:754
msgid "The LDAP attribute that corresponds to the group's id."
msgstr "Атрибут LDAP, що відповідає ідентифікатору групи."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:746
+#: sssd-ldap.5.xml:764
msgid "ldap_group_member (string)"
msgstr "ldap_group_member (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:749
+#: sssd-ldap.5.xml:767
msgid "The LDAP attribute that contains the names of the group's members."
msgstr "Атрибут LDAP, у якому містяться імена учасників групи."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:753
+#: sssd-ldap.5.xml:771
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr "Типове значення: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:759
+#: sssd-ldap.5.xml:777
msgid "ldap_group_uuid (string)"
msgstr "ldap_group_uuid (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:762
+#: sssd-ldap.5.xml:780
msgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта групи LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:772
+#: sssd-ldap.5.xml:790
+#, fuzzy
+#| msgid "ldap_group_object_class (string)"
+msgid "ldap_group_objectsid (string)"
+msgstr "ldap_group_object_class (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:793
+#, fuzzy
+#| msgid ""
+#| "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
+msgid ""
+"The LDAP attribute that contains the objectSID of an LDAP group object. This "
+"is usually only necessary for ActiveDirectory servers."
+msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта групи LDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:805
msgid "ldap_group_modify_timestamp (string)"
msgstr "ldap_group_modify_timestamp (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:785
+#: sssd-ldap.5.xml:818
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:788
+#: sssd-ldap.5.xml:821
msgid ""
"If ldap_schema is set to a schema format that supports nested groups (e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
@@ -3191,131 +3555,131 @@ msgstr ""
"параметра буде проігноровано, якщо використано схему RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:795
+#: sssd-ldap.5.xml:828
msgid "Default: 2"
msgstr "Типове значення: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:801
+#: sssd-ldap.5.xml:834
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:804
+#: sssd-ldap.5.xml:837
msgid "The object class of a netgroup entry in LDAP."
msgstr "Клас об’єктів запису мережевої групи (netgroup) у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:807
+#: sssd-ldap.5.xml:840
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr "У надавачі даних IPA має бути використано ipa_netgroup_object_class."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:811
+#: sssd-ldap.5.xml:844
msgid "Default: nisNetgroup"
msgstr "Типове значення: nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:817
+#: sssd-ldap.5.xml:850
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:820
+#: sssd-ldap.5.xml:853
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "Атрибут LDAP, що відповідає назві мережевої групи (netgroup)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:824
+#: sssd-ldap.5.xml:857
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr "У надавачі даних IPA має бути використано ipa_netgroup_name."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:834
+#: sssd-ldap.5.xml:867
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:837
+#: sssd-ldap.5.xml:870
msgid "The LDAP attribute that contains the names of the netgroup's members."
msgstr ""
"Атрибут LDAP, у якому містяться імена учасників мережевої групи (netgroup)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:841
+#: sssd-ldap.5.xml:874
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr "У надавачі даних IPA має бути використано ipa_netgroup_member."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:845
+#: sssd-ldap.5.xml:878
msgid "Default: memberNisNetgroup"
msgstr "Типове значення: memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:851
+#: sssd-ldap.5.xml:884
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:854
+#: sssd-ldap.5.xml:887
msgid ""
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
msgstr ""
"Атрибут LDAP, що містить трійки мережевої групи (вузол, користувач, домен)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:858 sssd-ldap.5.xml:891
+#: sssd-ldap.5.xml:891 sssd-ldap.5.xml:924
msgid "This option is not available in IPA provider."
msgstr "Цим параметром не можна скористатися у надавачі даних IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:861
+#: sssd-ldap.5.xml:894
msgid "Default: nisNetgroupTriple"
msgstr "Типове значення: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:867
+#: sssd-ldap.5.xml:900
msgid "ldap_netgroup_uuid (string)"
msgstr "ldap_netgroup_uuid (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:870
+#: sssd-ldap.5.xml:903
msgid ""
"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта мережевої групи LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:874
+#: sssd-ldap.5.xml:907
msgid "In IPA provider, ipa_netgroup_uuid should be used instead."
msgstr "У надавачі даних IPA має бути використано ipa_netgroup_uuid."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:884
+#: sssd-ldap.5.xml:917
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:900
+#: sssd-ldap.5.xml:933
msgid "ldap_service_object_class (string)"
msgstr "ldap_service_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:903
+#: sssd-ldap.5.xml:936
msgid "The object class of a service entry in LDAP."
msgstr "Клас об’єктів запису служби у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:906
+#: sssd-ldap.5.xml:939
msgid "Default: ipService"
msgstr "Типове значення: ipService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:912
+#: sssd-ldap.5.xml:945
msgid "ldap_service_name (string)"
msgstr "ldap_service_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:915
+#: sssd-ldap.5.xml:948
msgid ""
"The LDAP attribute that contains the name of service attributes and their "
"aliases."
@@ -3323,51 +3687,51 @@ msgstr ""
"Атрибут LDAP, що містить назву атрибутів служби та замінників цих атрибутів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:925
+#: sssd-ldap.5.xml:958
msgid "ldap_service_port (string)"
msgstr "ldap_service_port (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:928
+#: sssd-ldap.5.xml:961
msgid "The LDAP attribute that contains the port managed by this service."
msgstr "Атрибут LDAP, що містить номер порту, яким керує ця служба."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:932
+#: sssd-ldap.5.xml:965
msgid "Default: ipServicePort"
msgstr "Типове значення: ipServicePort"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:938
+#: sssd-ldap.5.xml:971
msgid "ldap_service_proto (string)"
msgstr "ldap_service_proto (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:941
+#: sssd-ldap.5.xml:974
msgid ""
"The LDAP attribute that contains the protocols understood by this service."
msgstr "Атрибут LDAP, що містить протоколи, за яким може працювати ця служба."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:945
+#: sssd-ldap.5.xml:978
msgid "Default: ipServiceProtocol"
msgstr "Типове значення: ipServiceProtocol"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:951
+#: sssd-ldap.5.xml:984
msgid "ldap_service_search_base (string)"
msgstr "ldap_service_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:954
+#: sssd-ldap.5.xml:987
msgid "An optional base DN to restrict service searches to a specific subtree."
msgstr ""
"Додатковий основний DN для обмеження пошуків служб певною гілкою ієрархії."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:958 sssd-ldap.5.xml:1918 sssd-ldap.5.xml:1937
-#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:2019 sssd-ldap.5.xml:2041
-#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187
+#: sssd-ldap.5.xml:991 sssd-ldap.5.xml:1997 sssd-ldap.5.xml:2016
+#: sssd-ldap.5.xml:2035 sssd-ldap.5.xml:2098 sssd-ldap.5.xml:2120
+#: sssd-ipa.5.xml:163 sssd-ipa.5.xml:187 sssd-ipa.5.xml:206
msgid ""
"See <quote>ldap_search_base</quote> for information about configuring "
"multiple search bases."
@@ -3376,19 +3740,19 @@ msgstr ""
"налаштування декількох основ пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:963 sssd-ldap.5.xml:1923 sssd-ldap.5.xml:1942
-#: sssd-ldap.5.xml:1961 sssd-ldap.5.xml:2024 sssd-ldap.5.xml:2046
+#: sssd-ldap.5.xml:996 sssd-ldap.5.xml:2002 sssd-ldap.5.xml:2021
+#: sssd-ldap.5.xml:2040 sssd-ldap.5.xml:2103 sssd-ldap.5.xml:2125
#: sssd-ipa.5.xml:173 sssd-ipa.5.xml:192
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr "Типове значення: значення <emphasis>ldap_search_base</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:970
+#: sssd-ldap.5.xml:1003
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:973
+#: sssd-ldap.5.xml:1006
msgid ""
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
@@ -3399,7 +3763,7 @@ msgstr ""
"автономного режиму роботи)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:979
+#: sssd-ldap.5.xml:1012
msgid ""
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
@@ -3410,17 +3774,17 @@ msgstr ""
"окремих типів пошуків."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:985 sssd-ldap.5.xml:1027 sssd-ldap.5.xml:1042
+#: sssd-ldap.5.xml:1018 sssd-ldap.5.xml:1060 sssd-ldap.5.xml:1075
msgid "Default: 6"
msgstr "Типове значення: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:991
+#: sssd-ldap.5.xml:1024
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:994
+#: sssd-ldap.5.xml:1027
msgid ""
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
@@ -3430,18 +3794,13 @@ msgstr ""
"користувачів та груп у ldap, перш ніж пошук буде скасовано з поверненням "
"кешованих даних (і переходом до автономного режиму роботи)"
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1001
-msgid "Default: 60"
-msgstr "Типове значення: 60"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1007
+#: sssd-ldap.5.xml:1040
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1010
+#: sssd-ldap.5.xml:1043
msgid ""
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
@@ -3458,12 +3817,12 @@ msgstr ""
"citerefentry> повертається до стану бездіяльності."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1033
+#: sssd-ldap.5.xml:1066
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1036
+#: sssd-ldap.5.xml:1069
msgid ""
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
@@ -3475,12 +3834,12 @@ msgstr ""
"випадку прив’язки SASL."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1048
+#: sssd-ldap.5.xml:1081
msgid "ldap_connection_expire_timeout (integer)"
msgstr "ldap_connection_expire_timeout (ціле значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1051
+#: sssd-ldap.5.xml:1084
msgid ""
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
@@ -3494,17 +3853,17 @@ msgstr ""
"дії TGT)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1059
+#: sssd-ldap.5.xml:1092
msgid "Default: 900 (15 minutes)"
msgstr "Типове значення: 900 (15 хвилин)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1065
+#: sssd-ldap.5.xml:1098
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1068
+#: sssd-ldap.5.xml:1101
msgid ""
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
@@ -3514,17 +3873,17 @@ msgstr ""
"один запит."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1073
+#: sssd-ldap.5.xml:1106
msgid "Default: 1000"
msgstr "Типове значення: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1079
-msgid "ldap_disable_paging"
-msgstr "ldap_disable_paging"
+#: sssd-ldap.5.xml:1112
+msgid "ldap_disable_paging (boolean)"
+msgstr "ldap_disable_paging (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1082
+#: sssd-ldap.5.xml:1115
msgid ""
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
@@ -3535,7 +3894,7 @@ msgstr ""
"RootDSE, але цю підтримку не увімкнено або вона не працює належним чином."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1088
+#: sssd-ldap.5.xml:1121
msgid ""
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
@@ -3545,7 +3904,7 @@ msgstr ""
"підтримкою не можна скористатися."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1094
+#: sssd-ldap.5.xml:1127
msgid ""
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
@@ -3555,13 +3914,41 @@ msgstr ""
"процес контролю сторінок для одного з’єднання. У разі значного навантаження "
"це може призвести до відмови у виконанні запитів."
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133 include/ldap_id_mapping.xml:184
+msgid "Default: False"
+msgstr "Типове значення: False"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1139
+msgid "ldap_sasl_minssf (integer)"
+msgstr "ldap_sasl_minssf (ціле значення)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1142
+msgid ""
+"When communicating with an LDAP server using SASL, specify the minimum "
+"security level necessary to establish the connection. The values of this "
+"option are defined by OpenLDAP."
+msgstr ""
+"Під час обміну даними з сервером LDAP за допомогою SASL визначає мінімальний "
+"рівень захисту, потрібний для встановлення з’єднання. Значення цього "
+"параметра визначається OpenLDAP."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1148
+msgid "Default: Use the system default (usually specified by ldap.conf)"
+msgstr ""
+"Типове значення: типове для системи значення (зазвичай, визначається у ldap."
+"conf)"
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1103
+#: sssd-ldap.5.xml:1155
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_deref_threshold (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1106
+#: sssd-ldap.5.xml:1158
msgid ""
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
@@ -3573,7 +3960,7 @@ msgstr ""
"виконуватиметься окремо."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1112
+#: sssd-ldap.5.xml:1164
msgid ""
"You can turn off dereference lookups completely by setting the value to 0."
msgstr ""
@@ -3581,7 +3968,7 @@ msgstr ""
"(розіменуванням), якщо вкажете значення 0."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1116
+#: sssd-ldap.5.xml:1168
msgid ""
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
@@ -3594,7 +3981,7 @@ msgstr ""
"OpenLDAP та Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1124
+#: sssd-ldap.5.xml:1176
msgid ""
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
@@ -3605,12 +3992,12 @@ msgstr ""
"незалежно від використання цього параметра."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1137
+#: sssd-ldap.5.xml:1189
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1140
+#: sssd-ldap.5.xml:1192
msgid ""
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
@@ -3620,7 +4007,7 @@ msgstr ""
"таких значень:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1146
+#: sssd-ldap.5.xml:1198
msgid ""
"<emphasis>never</emphasis> = The client will not request or check any server "
"certificate."
@@ -3629,7 +4016,7 @@ msgstr ""
"жодних сертифікатів сервера."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1150
+#: sssd-ldap.5.xml:1202
msgid ""
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3641,7 +4028,7 @@ msgstr ""
"режимі."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1157
+#: sssd-ldap.5.xml:1209
msgid ""
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
@@ -3652,7 +4039,7 @@ msgstr ""
"надано помилковий сертифікат, негайно перервати сеанс."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1163
+#: sssd-ldap.5.xml:1215
msgid ""
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
@@ -3663,22 +4050,22 @@ msgstr ""
"перервати сеанс."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1169
+#: sssd-ldap.5.xml:1221
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> = те саме, що і <quote>demand</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1173
+#: sssd-ldap.5.xml:1225
msgid "Default: hard"
msgstr "Типове значення: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1179
+#: sssd-ldap.5.xml:1231
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1182
+#: sssd-ldap.5.xml:1234
msgid ""
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
@@ -3687,7 +4074,7 @@ msgstr ""
"розпізнаються <command>sssd</command>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1187 sssd-ldap.5.xml:1205 sssd-ldap.5.xml:1246
+#: sssd-ldap.5.xml:1239 sssd-ldap.5.xml:1257 sssd-ldap.5.xml:1298
msgid ""
"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
"conf</filename>"
@@ -3696,12 +4083,12 @@ msgstr ""
"у <filename>/etc/openldap/ldap.conf</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1194
+#: sssd-ldap.5.xml:1246
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1197
+#: sssd-ldap.5.xml:1249
msgid ""
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
@@ -3714,38 +4101,39 @@ msgstr ""
"<command>cacertdir_rehash</command>, якщо ця програма є доступною."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1212
+#: sssd-ldap.5.xml:1264
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1215
+#: sssd-ldap.5.xml:1267
msgid "Specifies the file that contains the certificate for the client's key."
msgstr "Визначає файл, який містить сертифікат для ключа клієнта."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1219 sssd-ldap.5.xml:1231 sssd-ldap.5.xml:1979
-#: sssd-ldap.5.xml:2006 sssd-krb5.5.xml:359
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1271 sssd-ldap.5.xml:1283 sssd-ldap.5.xml:1344
+#: sssd-ldap.5.xml:2058 sssd-ldap.5.xml:2085 sssd-krb5.5.xml:359
+#: include/ldap_id_mapping.xml:145 include/ldap_id_mapping.xml:156
msgid "Default: not set"
msgstr "Типове значення: not set"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1225
+#: sssd-ldap.5.xml:1277
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1228
+#: sssd-ldap.5.xml:1280
msgid "Specifies the file that contains the client's key."
msgstr "Визначає файл, у якому міститься ключ клієнта."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1237
+#: sssd-ldap.5.xml:1289
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1240
+#: sssd-ldap.5.xml:1292
msgid ""
"Specifies acceptable cipher suites. Typically this is a colon sperated "
"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
@@ -3757,12 +4145,12 @@ msgstr ""
"<manvolnum>5</manvolnum></citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1253
+#: sssd-ldap.5.xml:1305
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1256
+#: sssd-ldap.5.xml:1308
msgid ""
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
@@ -3771,12 +4159,32 @@ msgstr ""
"class=\"protocol\">tls</systemitem> для захисту каналу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1266
+#: sssd-ldap.5.xml:1318
+#, fuzzy
+#| msgid "ldap_disable_paging (boolean)"
+msgid "ldap_id_mapping (boolean)"
+msgstr "ldap_disable_paging (булеве значення)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1321
+msgid ""
+"Specifies that SSSD should attempt to map user and group IDs from the "
+"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
+"on ldap_user_uid_number and ldap_group_gid_number."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1327
+msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1337
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1269
+#: sssd-ldap.5.xml:1340
msgid ""
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"supported."
@@ -3784,18 +4192,13 @@ msgstr ""
"Визначає механізм SASL, який слід використовувати. У поточній версії "
"перевірено і підтримується лише механізм GSSAPI."
-#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1273 sssd-ldap.5.xml:1428
-msgid "Default: none"
-msgstr "Типове значення: none"
-
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1279
+#: sssd-ldap.5.xml:1350
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1282
+#: sssd-ldap.5.xml:1353
msgid ""
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory."
@@ -3805,17 +4208,17 @@ msgstr ""
"використовується для розпізнавання під час доступу до каталогу."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1287
+#: sssd-ldap.5.xml:1358
msgid "Default: host/machine.fqdn@REALM"
msgstr "Типове значення: вузол/комп’ютер.fqdn@ОБЛАСТЬ"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1293
+#: sssd-ldap.5.xml:1364
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1296
+#: sssd-ldap.5.xml:1367
msgid ""
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
@@ -3825,34 +4228,34 @@ msgstr ""
"SASL."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1301
+#: sssd-ldap.5.xml:1372
msgid "Default: false;"
msgstr "Типове значення: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1307
+#: sssd-ldap.5.xml:1378
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1310
+#: sssd-ldap.5.xml:1381
msgid "Specify the keytab to use when using SASL/GSSAPI."
msgstr "Визначає таблицю ключів, яку слід використовувати разом з SASL/GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1313
+#: sssd-ldap.5.xml:1384
msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
msgstr ""
"Типове значення: системна таблиця ключів, зазвичай <filename>/etc/krb5."
"keytab</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1319
+#: sssd-ldap.5.xml:1390
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1322
+#: sssd-ldap.5.xml:1393
msgid ""
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
@@ -3863,27 +4266,27 @@ msgstr ""
"механізм GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1334
+#: sssd-ldap.5.xml:1405
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1337
+#: sssd-ldap.5.xml:1408
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "Визначає строк дії (у секундах) TGT, якщо використовується GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1341
+#: sssd-ldap.5.xml:1412
msgid "Default: 86400 (24 hours)"
msgstr "Типове значення: 86400 (24 години)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1347 sssd-krb5.5.xml:74
+#: sssd-ldap.5.xml:1418 sssd-krb5.5.xml:74
msgid "krb5_server (string)"
msgstr "krb5_server (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1350 sssd-krb5.5.xml:77
+#: sssd-ldap.5.xml:1421 sssd-krb5.5.xml:77
msgid ""
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
@@ -3902,7 +4305,7 @@ msgstr ""
"про виявлення служб можна дізнатися з розділу «ПОШУК СЛУЖБ»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1362 sssd-krb5.5.xml:89
+#: sssd-ldap.5.xml:1433 sssd-krb5.5.xml:89
msgid ""
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
@@ -3914,7 +4317,7 @@ msgstr ""
"вдасться знайти."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1367 sssd-krb5.5.xml:94
+#: sssd-ldap.5.xml:1438 sssd-krb5.5.xml:94
msgid ""
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
@@ -3925,29 +4328,29 @@ msgstr ""
"варто перейти на використання «krb5_server» у файлах налаштувань."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1376 sssd-ipa.5.xml:216 sssd-krb5.5.xml:103
+#: sssd-ldap.5.xml:1447 sssd-ipa.5.xml:235 sssd-krb5.5.xml:103
msgid "krb5_realm (string)"
msgstr "krb5_realm (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1379
+#: sssd-ldap.5.xml:1450
msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
msgstr "Вказати область Kerberos (для розпізнавання за SASL/GSSAPI)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1382
+#: sssd-ldap.5.xml:1453
msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
msgstr ""
"Типове значення: типове значення системи, див. <filename>/etc/krb5.conf</"
"filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1388 sssd-ipa.5.xml:231 sssd-krb5.5.xml:409
+#: sssd-ldap.5.xml:1459 sssd-ipa.5.xml:250 sssd-krb5.5.xml:409
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1391
+#: sssd-ldap.5.xml:1462
msgid ""
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
@@ -3957,12 +4360,12 @@ msgstr ""
"версії MIT Kerberos >= 1.7"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1403
+#: sssd-ldap.5.xml:1474
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1406
+#: sssd-ldap.5.xml:1477
msgid ""
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
@@ -3971,7 +4374,7 @@ msgstr ""
"використовувати такі значення:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1411
+#: sssd-ldap.5.xml:1482
msgid ""
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
@@ -3980,7 +4383,7 @@ msgstr ""
"разі використання цього варіанта перевірку на боці сервера вимкнено не буде."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1416
+#: sssd-ldap.5.xml:1487
msgid ""
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
@@ -3991,7 +4394,7 @@ msgstr ""
"manvolnum></citerefentry> для визначення того, чи чинним є пароль."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1422
+#: sssd-ldap.5.xml:1493
msgid ""
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
@@ -4002,18 +4405,18 @@ msgstr ""
"скористайтеся chpass_provider=krb5 для оновлення цих атрибутів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1434
+#: sssd-ldap.5.xml:1505
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1437
+#: sssd-ldap.5.xml:1508
msgid "Specifies whether automatic referral chasing should be enabled."
msgstr ""
"Визначає, чи має бути увімкнено автоматичне визначення напрямків пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1441
+#: sssd-ldap.5.xml:1512
msgid ""
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
@@ -4021,29 +4424,43 @@ msgstr ""
"Зауважте, що sssd підтримує визначення напрямків, лише якщо систему зібрано "
"з версією OpenLDAP 2.4.13 або новішою версією."
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1517
+msgid ""
+"Chasing referrals may incur a performance penalty in environments that use "
+"them heavily, a notable example is Microsoft Active Directory. If your setup "
+"does not in fact require the use of referrals, setting this option to false "
+"might bring a noticeable performance improvement."
+msgstr ""
+"Перехід за спрямуваннями може призвести до значних втрат швидкодії у "
+"середовищах, де такі спрямування використовуються широко. Прикладом такого "
+"середовища може бути Microsoft Active Directory. Якщо у вашому середовищі "
+"спрямування не є обов’язковими, встановлення для цього параметра значення "
+"«false» може значно пришвидшити роботу."
+
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1452
+#: sssd-ldap.5.xml:1531
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1455
+#: sssd-ldap.5.xml:1534
msgid "Specifies the service name to use when service discovery is enabled."
msgstr ""
"Визначає назву служби, яку буде використано у разі вмикання визначення служб."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1459
+#: sssd-ldap.5.xml:1538
msgid "Default: ldap"
msgstr "Типове значення: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1465
+#: sssd-ldap.5.xml:1544
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1468
+#: sssd-ldap.5.xml:1547
msgid ""
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
@@ -4052,38 +4469,38 @@ msgstr ""
"уможливлює зміну паролів, у разі вмикання визначення служб."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1473
+#: sssd-ldap.5.xml:1552
msgid "Default: not set, i.e. service discovery is disabled"
msgstr "Типове значення: не встановлено, тобто пошук служб вимкнено"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1479
+#: sssd-ldap.5.xml:1558
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1482
+#: sssd-ldap.5.xml:1561
msgid ""
"If using access_provider = ldap, this option is mandatory. It specifies an "
"LDAP search filter criteria that must be met for the user to be granted "
"access on this host. If access_provider = ldap and this option is not set, "
-"it will result in all users being denied access. Use access_provider = allow "
-"to change this default behavior."
+"it will result in all users being denied access. Use access_provider = "
+"permit to change this default behavior."
msgstr ""
"Якщо використовується access_provider = ldap, цей параметр є обов’язковим. "
"Він вказує критерії фільтрування LDAP, яким має задовольняти запис "
"користувача для надання доступу до цього вузла. Якщо визначено "
"access_provider = ldap, а цей параметр не встановлено, доступ буде "
"заборонено всім користувачам. Щоб змінити таку типову поведінку системи, "
-"скористайтеся параметром access_provider = allow"
+"скористайтеся параметром access_provider = permit"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1492 sssd-ldap.5.xml:1982
+#: sssd-ldap.5.xml:1571 sssd-ldap.5.xml:2061
msgid "Example:"
msgstr "Приклад:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1495
+#: sssd-ldap.5.xml:1574
#, no-wrap
msgid ""
"access_provider = ldap\n"
@@ -4095,7 +4512,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1499
+#: sssd-ldap.5.xml:1578
msgid ""
"This example means that access to this host is restricted to members of the "
"\"allowedusers\" group in ldap."
@@ -4103,7 +4520,7 @@ msgstr ""
"У прикладі доступ до вузла обмежено учасниками групи «allowedusers» у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1504
+#: sssd-ldap.5.xml:1583
msgid ""
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
@@ -4117,17 +4534,17 @@ msgstr ""
"таких прав не було надано, у автономному режимі їх також не буде надано."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1512 sssd-ldap.5.xml:1562
+#: sssd-ldap.5.xml:1591 sssd-ldap.5.xml:1641
msgid "Default: Empty"
msgstr "Типове значення: порожній рядок"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1518
+#: sssd-ldap.5.xml:1597
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1521
+#: sssd-ldap.5.xml:1600
msgid ""
"With this option a client side evaluation of access control attributes can "
"be enabled."
@@ -4136,7 +4553,7 @@ msgstr ""
"керування доступом на боці клієнта."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1525
+#: sssd-ldap.5.xml:1604
msgid ""
"Please note that it is always recommended to use server side access control, "
"i.e. the LDAP server should deny the bind request with a suitable error code "
@@ -4147,12 +4564,12 @@ msgstr ""
"з відповідним кодом помилки, навіть якщо вказано правильний пароль."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1532
+#: sssd-ldap.5.xml:1611
msgid "The following values are allowed:"
msgstr "Можна використовувати такі значення:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1535
+#: sssd-ldap.5.xml:1614
msgid ""
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
@@ -4161,7 +4578,7 @@ msgstr ""
"визначити, чи завершено строк дії облікового запису."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1540
+#: sssd-ldap.5.xml:1619
msgid ""
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
@@ -4174,7 +4591,7 @@ msgstr ""
"Також буде перевірено, чи не вичерпано строк дії облікового запису."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1547
+#: sssd-ldap.5.xml:1626
msgid ""
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
@@ -4185,7 +4602,7 @@ msgstr ""
"ldap_ns_account_lock."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1553
+#: sssd-ldap.5.xml:1632
msgid ""
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
@@ -4198,30 +4615,30 @@ msgstr ""
"атрибутів, надати доступ."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1568
+#: sssd-ldap.5.xml:1647
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1571
+#: sssd-ldap.5.xml:1650
msgid "Comma separated list of access control options. Allowed values are:"
msgstr ""
"Список відокремлених комами параметрів керування доступом. Можливі значення "
"списку:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1575
+#: sssd-ldap.5.xml:1654
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filter</emphasis>: використовувати ldap_access_filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1578
+#: sssd-ldap.5.xml:1657
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr ""
"<emphasis>expire</emphasis>: використовувати ldap_account_expire_policy"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1582
+#: sssd-ldap.5.xml:1661
msgid ""
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"to determine access"
@@ -4230,19 +4647,19 @@ msgstr ""
"можливості доступу атрибут authorizedService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1587
+#: sssd-ldap.5.xml:1666
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
msgstr ""
"<emphasis>host</emphasis>: за допомогою цього атрибута вузла можна визначити "
"права доступу"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1591
+#: sssd-ldap.5.xml:1670
msgid "Default: filter"
msgstr "Типове значення: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1594
+#: sssd-ldap.5.xml:1673
msgid ""
"Please note that it is a configuration error if a value is used more than "
"once."
@@ -4251,12 +4668,12 @@ msgstr ""
"використано декілька разів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1601
+#: sssd-ldap.5.xml:1680
msgid "ldap_deref (string)"
msgstr "ldap_deref (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1604
+#: sssd-ldap.5.xml:1683
msgid ""
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
@@ -4265,13 +4682,13 @@ msgstr ""
"пошуку. Можливі такі варіанти:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1609
+#: sssd-ldap.5.xml:1688
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
msgstr ""
"<emphasis>never</emphasis>: ніколи не виконувати розіменування псевдонімів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1613
+#: sssd-ldap.5.xml:1692
msgid ""
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
@@ -4281,7 +4698,7 @@ msgstr ""
"пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1618
+#: sssd-ldap.5.xml:1697
msgid ""
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
@@ -4290,7 +4707,7 @@ msgstr ""
"під час визначення місця основного об’єкта пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1623
+#: sssd-ldap.5.xml:1702
msgid ""
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
@@ -4299,7 +4716,7 @@ msgstr ""
"час пошуку, так і під час визначення місця основного об’єкта пошуку."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1628
+#: sssd-ldap.5.xml:1707
msgid ""
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"client libraries)"
@@ -4323,57 +4740,57 @@ msgstr ""
"<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1639
+#: sssd-ldap.5.xml:1718
msgid "SUDO OPTIONS"
msgstr "ПАРАМЕТРИ SUDO"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1644
+#: sssd-ldap.5.xml:1723
msgid "ldap_sudorule_object_class (string)"
msgstr "ldap_sudorule_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1647
+#: sssd-ldap.5.xml:1726
msgid "The object class of a sudo rule entry in LDAP."
msgstr "Клас об’єктів запису правила sudo у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1650
+#: sssd-ldap.5.xml:1729
msgid "Default: sudoRole"
msgstr "Типове значення: sudoRole"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1656
+#: sssd-ldap.5.xml:1735
msgid "ldap_sudorule_name (string)"
msgstr "ldap_sudorule_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1659
+#: sssd-ldap.5.xml:1738
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr "Атрибут LDAP, що відповідає назві правила sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1669
+#: sssd-ldap.5.xml:1748
msgid "ldap_sudorule_command (string)"
msgstr "ldap_sudorule_command (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1672
+#: sssd-ldap.5.xml:1751
msgid "The LDAP attribute that corresponds to the command name."
msgstr "Атрибут LDAP, що відповідає назві команди."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1676
+#: sssd-ldap.5.xml:1755
msgid "Default: sudoCommand"
msgstr "Типове значення: sudoCommand"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1682
+#: sssd-ldap.5.xml:1761
msgid "ldap_sudorule_host (string)"
msgstr "ldap_sudorule_host (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1685
+#: sssd-ldap.5.xml:1764
msgid ""
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
@@ -4382,17 +4799,17 @@ msgstr ""
"вузла, мережевій групі вузла)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1690
+#: sssd-ldap.5.xml:1769
msgid "Default: sudoHost"
msgstr "Типове значення: sudoHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1696
+#: sssd-ldap.5.xml:1775
msgid "ldap_sudorule_user (string)"
msgstr "ldap_sudorule_user (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1699
+#: sssd-ldap.5.xml:1778
msgid ""
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"user's netgroup)"
@@ -4401,32 +4818,32 @@ msgstr ""
"або назві мережевої групи користувача)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1703
+#: sssd-ldap.5.xml:1782
msgid "Default: sudoUser"
msgstr "Типове значення: sudoUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1709
+#: sssd-ldap.5.xml:1788
msgid "ldap_sudorule_option (string)"
msgstr "ldap_sudorule_option (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1712
+#: sssd-ldap.5.xml:1791
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr "Атрибут LDAP, що відповідає параметрам sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1716
+#: sssd-ldap.5.xml:1795
msgid "Default: sudoOption"
msgstr "Типове значення: sudoOption"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1722
+#: sssd-ldap.5.xml:1801
msgid "ldap_sudorule_runasuser (string)"
msgstr "ldap_sudorule_runasuser (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1725
+#: sssd-ldap.5.xml:1804
msgid ""
"The LDAP attribute that corresponds to the user name that commands may be "
"run as."
@@ -4435,17 +4852,17 @@ msgstr ""
"команди."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1729
+#: sssd-ldap.5.xml:1808
msgid "Default: sudoRunAsUser"
msgstr "Типове значення: sudoRunAsUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1735
+#: sssd-ldap.5.xml:1814
msgid "ldap_sudorule_runasgroup (string)"
msgstr "ldap_sudorule_runasgroup (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1738
+#: sssd-ldap.5.xml:1817
msgid ""
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
@@ -4454,17 +4871,17 @@ msgstr ""
"виконувати команди."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1742
+#: sssd-ldap.5.xml:1821
msgid "Default: sudoRunAsGroup"
msgstr "Типове значення: sudoRunAsGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1748
+#: sssd-ldap.5.xml:1827
msgid "ldap_sudorule_notbefore (string)"
msgstr "ldap_sudorule_notbefore (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1751
+#: sssd-ldap.5.xml:1830
msgid ""
"The LDAP attribute that corresponds to the start date/time for when the sudo "
"rule is valid."
@@ -4472,49 +4889,49 @@ msgstr ""
"Атрибут LDAP, що відповідає даті і часу набуття чинності правилом sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1755
+#: sssd-ldap.5.xml:1834
msgid "Default: sudoNotBefore"
msgstr "Типове значення: sudoNotBefore"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1761
+#: sssd-ldap.5.xml:1840
msgid "ldap_sudorule_notafter (string)"
msgstr "ldap_sudorule_notafter (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1764
+#: sssd-ldap.5.xml:1843
msgid ""
"The LDAP attribute that corresponds to the expiration date/time, after which "
"the sudo rule will no longer be valid."
msgstr "Атрибут LDAP, що відповідає даті і часу втрати чинності правилом sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1769
+#: sssd-ldap.5.xml:1848
msgid "Default: sudoNotAfter"
msgstr "Типове значення: sudoNotAfter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1775
+#: sssd-ldap.5.xml:1854
msgid "ldap_sudorule_order (string)"
msgstr "ldap_sudorule_order (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1778
+#: sssd-ldap.5.xml:1857
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr "Атрибут LDAP, що відповідає порядковому номеру правила."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1782
+#: sssd-ldap.5.xml:1861
msgid "Default: sudoOrder"
msgstr "Типове значення: sudoOrder"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1788
+#: sssd-ldap.5.xml:1867
msgid "ldap_sudo_refresh_enabled (boolean)"
msgstr "ldap_sudo_refresh_enabled (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1791
+#: sssd-ldap.5.xml:1870
msgid ""
"Enables periodical download of all sudo rules. The cache is purged before "
"each update."
@@ -4523,12 +4940,12 @@ msgstr ""
"з кешу вилучаються."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1801
+#: sssd-ldap.5.xml:1880
msgid "ldap_sudo_refresh_timeout (integer)"
msgstr "ldap_sudo_refresh_timeout (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1804
+#: sssd-ldap.5.xml:1883
msgid ""
"How many seconds SSSD has to wait before refreshing its cache of sudo rules."
msgstr ""
@@ -4536,12 +4953,12 @@ msgstr ""
"свого кешу правил sudo."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1642
+#: sssd-ldap.5.xml:1721
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1815
+#: sssd-ldap.5.xml:1894
msgid ""
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
@@ -4554,12 +4971,12 @@ msgstr ""
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1825
+#: sssd-ldap.5.xml:1904
msgid "AUTOFS OPTIONS"
msgstr "ПАРАМЕТРИ AUTOFS"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1827
+#: sssd-ldap.5.xml:1906
msgid ""
"Please note that the default values correspond to the default schema which "
"is RFC2307."
@@ -4568,47 +4985,47 @@ msgstr ""
"визначено у RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1834
+#: sssd-ldap.5.xml:1913
msgid "ldap_autofs_map_object_class (string)"
msgstr "ldap_autofs_map_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1837 sssd-ldap.5.xml:1863
+#: sssd-ldap.5.xml:1916 sssd-ldap.5.xml:1942
msgid "The object class of an automount map entry in LDAP."
msgstr "Клас об’єктів запису карти автоматичного монтування у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1867
+#: sssd-ldap.5.xml:1919 sssd-ldap.5.xml:1946
msgid "Default: automountMap"
msgstr "Типове значення: automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1847
+#: sssd-ldap.5.xml:1926
msgid "ldap_autofs_map_name (string)"
msgstr "ldap_autofs_map_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1850
+#: sssd-ldap.5.xml:1929
msgid "The name of an automount map entry in LDAP."
msgstr "Назва запису карти автоматичного монтування у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1853
+#: sssd-ldap.5.xml:1932
msgid "Default: ou"
msgstr "Типове значення: ou"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1860
+#: sssd-ldap.5.xml:1939
msgid "ldap_autofs_entry_object_class (string)"
msgstr "ldap_autofs_entry_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1874
+#: sssd-ldap.5.xml:1953
msgid "ldap_autofs_entry_key (string)"
msgstr "ldap_autofs_entry_key (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1877 sssd-ldap.5.xml:1891
+#: sssd-ldap.5.xml:1956 sssd-ldap.5.xml:1970
msgid ""
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"mount point."
@@ -4617,17 +5034,17 @@ msgstr ""
"точні монтування."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1888
+#: sssd-ldap.5.xml:1967
msgid "ldap_autofs_entry_value (string)"
msgstr "ldap_autofs_entry_value (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1895
+#: sssd-ldap.5.xml:1974
msgid "Default: automountInformation"
msgstr "Типове значення: automountInformation"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1832
+#: sssd-ldap.5.xml:1911
msgid ""
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
@@ -4640,17 +5057,17 @@ msgstr ""
"\"variablelist\" id=\"4\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:1904
+#: sssd-ldap.5.xml:1983
msgid "ADVANCED OPTIONS"
msgstr "ДОДАТКОВІ ПАРАМЕТРИ"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1911
+#: sssd-ldap.5.xml:1990
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1914
+#: sssd-ldap.5.xml:1993
msgid ""
"An optional base DN to restrict netgroup searches to a specific subtree."
msgstr ""
@@ -4658,35 +5075,35 @@ msgstr ""
"ієрархії."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1930
+#: sssd-ldap.5.xml:2009
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1933
+#: sssd-ldap.5.xml:2012
msgid "An optional base DN to restrict user searches to a specific subtree."
msgstr ""
"Додатковий основний DN для обмеження пошуків користувачів певною гілкою "
"ієрархії."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1949
+#: sssd-ldap.5.xml:2028
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1952
+#: sssd-ldap.5.xml:2031
msgid "An optional base DN to restrict group searches to a specific subtree."
msgstr ""
"Додатковий основний DN для обмеження пошуків групи певною гілкою ієрархії."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1968
+#: sssd-ldap.5.xml:2047
msgid "ldap_user_search_filter (string)"
msgstr "ldap_user_search_filter (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1971
+#: sssd-ldap.5.xml:2050
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict user searches."
@@ -4695,7 +5112,7 @@ msgstr ""
"фільтрування LDAP, яким буде обмежено пошук користувачів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1975
+#: sssd-ldap.5.xml:2054
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_user_search_base."
@@ -4704,7 +5121,7 @@ msgstr ""
"використовувати синтаксичні конструкції з ldap_user_search_base."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
-#: sssd-ldap.5.xml:1985
+#: sssd-ldap.5.xml:2064
#, no-wrap
msgid ""
" ldap_user_search_filter = (loginShell=/bin/tcsh)\n"
@@ -4714,7 +5131,7 @@ msgstr ""
" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1988
+#: sssd-ldap.5.xml:2067
msgid ""
"This filter would restrict user searches to users that have their shell set "
"to /bin/tcsh."
@@ -4723,12 +5140,12 @@ msgstr ""
"яких встановлено командну оболонку /bin/tcsh."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:1995
+#: sssd-ldap.5.xml:2074
msgid "ldap_group_search_filter (string)"
msgstr "ldap_group_search_filter (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:1998
+#: sssd-ldap.5.xml:2077
msgid ""
"This option specifies an additional LDAP search filter criteria that "
"restrict group searches."
@@ -4737,7 +5154,7 @@ msgstr ""
"фільтрування LDAP, яким буде обмежено пошук груп."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2002
+#: sssd-ldap.5.xml:2081
msgid ""
"This option is <emphasis>deprecated</emphasis> in favor of the syntax used "
"by ldap_group_search_base."
@@ -4746,12 +5163,12 @@ msgstr ""
"використовувати синтаксичні конструкції з ldap_group_search_base."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2012
+#: sssd-ldap.5.xml:2091
msgid "ldap_sudo_search_base (string)"
msgstr "ldap_sudo_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2015
+#: sssd-ldap.5.xml:2094
msgid ""
"An optional base DN to restrict sudo rules searches to a specific subtree."
msgstr ""
@@ -4759,12 +5176,12 @@ msgstr ""
"ієрархії."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ldap.5.xml:2034
+#: sssd-ldap.5.xml:2113
msgid "ldap_autofs_search_base (string)"
msgstr "ldap_autofs_search_base (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ldap.5.xml:2037
+#: sssd-ldap.5.xml:2116
msgid ""
"An optional base DN to restrict automounter searches to a specific subtree."
msgstr ""
@@ -4772,7 +5189,7 @@ msgstr ""
"певною гілкою ієрархії."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:1906
+#: sssd-ldap.5.xml:1985
msgid ""
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
@@ -4783,7 +5200,7 @@ msgstr ""
"відомі наслідки ваших дій. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2066
+#: sssd-ldap.5.xml:2147
msgid ""
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
@@ -4794,7 +5211,7 @@ msgstr ""
"</replaceable>."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ldap.5.xml:2072
+#: sssd-ldap.5.xml:2153
#, no-wrap
msgid ""
" [domain/LDAP]\n"
@@ -4815,19 +5232,19 @@ msgstr ""
" cache_credentials = true\n"
" enumerate = true\n"
-#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2071 sssd-simple.5.xml:134 sssd-ipa.5.xml:552
-#: sssd-krb5.5.xml:441
+#. type: Content of: <refsect1><refsect2><para>
+#: sssd-ldap.5.xml:2152 sssd-simple.5.xml:134 sssd-ipa.5.xml:571
+#: sssd-krb5.5.xml:441 include/ldap_id_mapping.xml:63
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
-#: sssd-ldap.5.xml:2085 sssd_krb5_locator_plugin.8.xml:61
+#: sssd-ldap.5.xml:2166 sssd_krb5_locator_plugin.8.xml:61
msgid "NOTES"
msgstr "ЗАУВАЖЕННЯ"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2087
+#: sssd-ldap.5.xml:2168
msgid ""
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
@@ -4840,7 +5257,7 @@ msgstr ""
"2.4."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ldap.5.xml:2098
+#: sssd-ldap.5.xml:2179
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
@@ -5531,12 +5948,34 @@ msgstr ""
"користувачів SELinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:199 sssd-krb5.5.xml:229
+#: sssd-ipa.5.xml:199
+#, fuzzy
+#| msgid "ipa_hbac_search_base (string)"
+msgid "ipa_subdomains_search_base (string)"
+msgstr "ipa_hbac_search_base (рядок)"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:202
+#, fuzzy
+#| msgid "Optional. Use the given string as search base for host objects."
+msgid "Optional. Use the given string as search base for trusted domains."
+msgstr ""
+"Необов’язковий. Використати вказаний рядок як основу пошуку об’єктів вузлів."
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:211
+#, fuzzy
+#| msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
+msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
+msgstr "Типове значення: значення <emphasis>ldap_search_base</emphasis>"
+
+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:218 sssd-krb5.5.xml:229
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:202 sssd-krb5.5.xml:232
+#: sssd-ipa.5.xml:221 sssd-krb5.5.xml:232
msgid ""
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed."
@@ -5544,7 +5983,7 @@ msgstr ""
"Перевірити за допомогою krb5_keytab, чи не було підмінено отриманий TGT."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:209
+#: sssd-ipa.5.xml:228
msgid ""
"Note that this default differs from the traditional Kerberos provider back "
"end."
@@ -5553,7 +5992,7 @@ msgstr ""
"модуля Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:219
+#: sssd-ipa.5.xml:238
msgid ""
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
@@ -5562,7 +6001,7 @@ msgstr ""
"«ipa_domain»."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:223
+#: sssd-ipa.5.xml:242
msgid ""
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
@@ -5571,7 +6010,7 @@ msgstr ""
"перетворено у основний DN для виконання дій LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:234
+#: sssd-ipa.5.xml:253
msgid ""
"Specifies if the host and user principal should be canonicalized when "
"connecting to IPA LDAP and also for AS requests. This feature is available "
@@ -5582,12 +6021,12 @@ msgstr ""
"запитів AS. Цю можливість передбачено з версії MIT Kerberos >= 1.7"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:247
+#: sssd-ipa.5.xml:266
msgid "ipa_hbac_refresh (integer)"
msgstr "ipa_hbac_refresh (ціле число)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:250
+#: sssd-ipa.5.xml:269
msgid ""
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
@@ -5598,17 +6037,17 @@ msgstr ""
"короткого періоду часу надходить багато запитів щодо керування доступом."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:257
+#: sssd-ipa.5.xml:276
msgid "Default: 5 (seconds)"
msgstr "Типове значення: 5 (секунд)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:262
+#: sssd-ipa.5.xml:281
msgid "ipa_hbac_treat_deny_as (string)"
msgstr "ipa_hbac_treat_deny_as (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:265
+#: sssd-ipa.5.xml:284
msgid ""
"This option specifies how to treat the deprecated DENY-type HBAC rules. As "
"of FreeIPA v2.1, DENY rules are no longer supported on the server. All users "
@@ -5622,7 +6061,7 @@ msgstr ""
"періоду передбачено два режими обробки таких правил:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:274
+#: sssd-ipa.5.xml:293
msgid ""
"<emphasis>DENY_ALL</emphasis>: If any HBAC DENY rules are detected, all "
"users will be denied access."
@@ -5631,7 +6070,7 @@ msgstr ""
"DENY, всім користувачам доступ буде заборонено."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:279
+#: sssd-ipa.5.xml:298
msgid ""
"<emphasis>IGNORE</emphasis>: SSSD will ignore any DENY rules. Be very "
"careful with this option, as it may result in opening unintended access."
@@ -5641,17 +6080,17 @@ msgstr ""
"небажаним користувачам."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:284
+#: sssd-ipa.5.xml:303
msgid "Default: DENY_ALL"
msgstr "Типове значення: DENY_ALL"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:289
+#: sssd-ipa.5.xml:308
msgid "ipa_hbac_support_srchost (boolean)"
msgstr "ipa_hbac_support_srchost (булеве значення)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:292
+#: sssd-ipa.5.xml:311
msgid ""
"If this is set to false, then srchost as given to SSSD by PAM will be "
"ignored."
@@ -5660,7 +6099,7 @@ msgstr ""
"даних PAM, буде проігноровано."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:296
+#: sssd-ipa.5.xml:315
msgid ""
"Note that if set to <emphasis>False</emphasis>, this option casuses filters "
"given in <emphasis>ipa_host_search_base</emphasis> to be ignored;"
@@ -5670,38 +6109,38 @@ msgstr ""
"буде проігноровано;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:307
+#: sssd-ipa.5.xml:326
msgid "ipa_automount_location (string)"
msgstr "ipa_automount_location (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:310
+#: sssd-ipa.5.xml:329
msgid "The automounter location this IPA client will be using"
msgstr ""
"Адреса автоматичного монтування, яку буде використовувати цей клієнт IPA"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:313
+#: sssd-ipa.5.xml:332
msgid "Default: The location named \"default\""
msgstr "Типове значення: адреса з назвою \"default\""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:319
+#: sssd-ipa.5.xml:338
msgid "ipa_netgroup_member_of (string)"
msgstr "ipa_netgroup_member_of (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:322
+#: sssd-ipa.5.xml:341
msgid "The LDAP attribute that lists netgroup's memberships."
msgstr "Атрибут LDAP зі списком учасників мережевої групи."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:331
+#: sssd-ipa.5.xml:350
msgid "ipa_netgroup_member_user (string)"
msgstr "ipa_netgroup_member_user (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:334
+#: sssd-ipa.5.xml:353
msgid ""
"The LDAP attribute that lists system users and groups that are direct "
"members of the netgroup."
@@ -5710,17 +6149,17 @@ msgstr ""
"учасниками мережевої групи."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:339 sssd-ipa.5.xml:434
+#: sssd-ipa.5.xml:358 sssd-ipa.5.xml:453
msgid "Default: memberUser"
msgstr "Типове значення: memberUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:344
+#: sssd-ipa.5.xml:363
msgid "ipa_netgroup_member_host (string)"
msgstr "ipa_netgroup_member_host (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:347
+#: sssd-ipa.5.xml:366
msgid ""
"The LDAP attribute that lists hosts and host groups that are direct members "
"of the netgroup."
@@ -5729,17 +6168,17 @@ msgstr ""
"учасниками мережевої групи."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:351 sssd-ipa.5.xml:446
+#: sssd-ipa.5.xml:370 sssd-ipa.5.xml:465
msgid "Default: memberHost"
msgstr "Типове значення: memberHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:356
+#: sssd-ipa.5.xml:375
msgid "ipa_netgroup_member_ext_host (string)"
msgstr "ipa_netgroup_member_ext_host (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:359
+#: sssd-ipa.5.xml:378
msgid ""
"The LDAP attribute that lists FQDNs of hosts and host groups that are "
"members of the netgroup."
@@ -5748,78 +6187,78 @@ msgstr ""
"мережевої групи."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:363
+#: sssd-ipa.5.xml:382
msgid "Default: externalHost"
msgstr "Типове значення: externalHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:368
+#: sssd-ipa.5.xml:387
msgid "ipa_netgroup_domain (string)"
msgstr "ipa_netgroup_domain (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:371
+#: sssd-ipa.5.xml:390
msgid "The LDAP attribute that contains NIS domain name of the netgroup."
msgstr ""
"Атрибут LDAP, у якому міститься доменна назва NIS мережевої групи (netgroup)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:375
+#: sssd-ipa.5.xml:394
msgid "Default: nisDomainName"
msgstr "Типове значення: nisDomainName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:381
+#: sssd-ipa.5.xml:400
msgid "ipa_host_object_class (string)"
msgstr "ipa_host_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:384 sssd-ipa.5.xml:407
+#: sssd-ipa.5.xml:403 sssd-ipa.5.xml:426
msgid "The object class of a host entry in LDAP."
msgstr "Клас об’єктів запису вузла у LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:387 sssd-ipa.5.xml:410
+#: sssd-ipa.5.xml:406 sssd-ipa.5.xml:429
msgid "Default: ipaHost"
msgstr "Типове значення: ipaHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:392
+#: sssd-ipa.5.xml:411
msgid "ipa_host_fqdn (string)"
msgstr "ipa_host_fqdn (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:395
+#: sssd-ipa.5.xml:414
msgid "The LDAP attribute that contains FQDN of the host."
msgstr "Атрибут LDAP, що містить FQDN вузла."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:398
+#: sssd-ipa.5.xml:417
msgid "Default: fqdn"
msgstr "Типове значення: fqdn"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:404
+#: sssd-ipa.5.xml:423
msgid "ipa_selinux_usermap_object_class (string)"
msgstr "ipa_selinux_usermap_object_class (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:415
+#: sssd-ipa.5.xml:434
msgid "ipa_selinux_usermap_name (string)"
msgstr "ipa_selinux_usermap_name (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:418
+#: sssd-ipa.5.xml:437
msgid "The LDAP attribute that contains the name of SELinux usermap."
msgstr "Атрибут LDAP, що містить назву карти користувачів SELinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:427
+#: sssd-ipa.5.xml:446
msgid "ipa_selinux_usermap_member_user (string)"
msgstr "ipa_selinux_usermap_member_user (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:430
+#: sssd-ipa.5.xml:449
msgid ""
"The LDAP attribute that contains all users / groups this rule match against."
msgstr ""
@@ -5827,12 +6266,12 @@ msgstr ""
"правило."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:439
+#: sssd-ipa.5.xml:458
msgid "ipa_selinux_usermap_member_host (string)"
msgstr "ipa_selinux_usermap_member_host (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:442
+#: sssd-ipa.5.xml:461
msgid ""
"The LDAP attribute that contains all hosts / hostgroups this rule match "
"against."
@@ -5841,12 +6280,12 @@ msgstr ""
"це правило."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:451
+#: sssd-ipa.5.xml:470
msgid "ipa_selinux_usermap_see_also (string)"
msgstr "ipa_selinux_usermap_see_also (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:454
+#: sssd-ipa.5.xml:473
msgid ""
"The LDAP attribute that contains DN of HBAC rule which can be used for "
"matching instead of memberUser and memberHost"
@@ -5855,32 +6294,32 @@ msgstr ""
"для встановлення відповідності замість memberUser і memberHost."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:459
+#: sssd-ipa.5.xml:478
msgid "Default: seeAlso"
msgstr "Типове значення: seeAlso"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:464
+#: sssd-ipa.5.xml:483
msgid "ipa_selinux_usermap_selinux_user (string)"
msgstr "ipa_selinux_usermap_selinux_user (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:467
+#: sssd-ipa.5.xml:486
msgid "The LDAP attribute that contains SELinux user string itself."
msgstr "Атрибут LDAP, який містить сам рядок користувача SELinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:471
+#: sssd-ipa.5.xml:490
msgid "Default: ipaSELinuxUser"
msgstr "Типове значення: ipaSELinuxUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:476
+#: sssd-ipa.5.xml:495
msgid "ipa_selinux_usermap_enabled (string)"
msgstr "ipa_selinux_usermap_enabled (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:479
+#: sssd-ipa.5.xml:498
msgid ""
"The LDAP attribute that contains whether or not is user map enabled for "
"usage."
@@ -5889,72 +6328,72 @@ msgstr ""
"користувачів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:483
+#: sssd-ipa.5.xml:502
msgid "Default: ipaEnabledFlag"
msgstr "Типове значення: ipaEnabledFlag"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:488
+#: sssd-ipa.5.xml:507
msgid "ipa_selinux_usermap_user_category (string)"
msgstr "ipa_selinux_usermap_user_category (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:491
+#: sssd-ipa.5.xml:510
msgid "The LDAP attribute that contains user category such as 'all'."
msgstr "Атрибут LDAP, що містить категорію користувачів, зокрема 'all'."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:495
+#: sssd-ipa.5.xml:514
msgid "Default: userCategory"
msgstr "Типове значення: userCategory"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:500
+#: sssd-ipa.5.xml:519
msgid "ipa_selinux_usermap_host_category (string)"
msgstr "ipa_selinux_usermap_host_category (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:503
+#: sssd-ipa.5.xml:522
msgid "The LDAP attribute that contains host category such as 'all'."
msgstr "Атрибут LDAP, що містить категорію вузлів, зокрема 'all'."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:507
+#: sssd-ipa.5.xml:526
msgid "Default: hostCategory"
msgstr "Типове значення: hostCategory"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:512
+#: sssd-ipa.5.xml:531
msgid "ipa_selinux_usermap_uuid (string)"
msgstr "ipa_selinux_usermap_uuid (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:515
+#: sssd-ipa.5.xml:534
msgid "The LDAP attribute that contains unique ID of the user map."
msgstr "Атрибут LDAP, що містить унікальний ідентифікатор карти користувачів."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:519
+#: sssd-ipa.5.xml:538
msgid "Default: ipaUniqueID"
msgstr "Типове значення: ipaUniqueID"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-#: sssd-ipa.5.xml:524
+#: sssd-ipa.5.xml:543
msgid "ipa_host_ssh_public_key (string)"
msgstr "ipa_host_ssh_public_key (рядок)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:527
+#: sssd-ipa.5.xml:546
msgid "The LDAP attribute that contains the host's SSH public keys."
msgstr "Атрибут LDAP, який містить відкриті ключі SSH вузла."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-#: sssd-ipa.5.xml:531
+#: sssd-ipa.5.xml:550
msgid "Default: ipaSshPubKey"
msgstr "Типове значення: ipaSshPubKey"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:546
+#: sssd-ipa.5.xml:565
msgid ""
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
@@ -5966,7 +6405,7 @@ msgstr ""
"ipa."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
-#: sssd-ipa.5.xml:553
+#: sssd-ipa.5.xml:572
#, no-wrap
msgid ""
" [domain/example.com]\n"
@@ -5980,7 +6419,7 @@ msgstr ""
" ipa_hostname = myhost.example.com\n"
#. type: Content of: <reference><refentry><refsect1><para>
-#: sssd-ipa.5.xml:564
+#: sssd-ipa.5.xml:583
msgid ""
"<citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sssd-ldap</"
@@ -6083,11 +6522,6 @@ msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
msgstr ""
"<emphasis>0</emphasis>: вимкнути додавання мікросекунд до часової позначки"
-#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sssd.8.xml:79
-msgid "Default: 0"
-msgstr "Типове значення: 0"
-
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sssd.8.xml:85
msgid "<option>-f</option>,<option>--debug-to-files</option>"
@@ -6569,7 +7003,7 @@ msgstr ""
"Якщо не вказано, буде використано типового користувача системи."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_useradd.8.xml:169
+#: sss_useradd.8.xml:171
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -7177,7 +7611,7 @@ msgstr ""
"вибере його автоматично."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupadd.8.xml:60
+#: sss_groupadd.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -7287,7 +7721,7 @@ msgstr ""
"яких є цей користувач."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_userdel.8.xml:95
+#: sss_userdel.8.xml:97
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -7340,7 +7774,7 @@ msgstr ""
"аргументу <replaceable>ГРУПА</replaceable>, з системи."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupdel.8.xml:48
+#: sss_groupdel.8.xml:50
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -7412,7 +7846,7 @@ msgstr ""
"безпосередніх батьківських груп."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_groupshow.8.xml:60
+#: sss_groupshow.8.xml:62
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
@@ -7522,7 +7956,7 @@ msgid "The SELinux user for the user's login."
msgstr "Ім’я користувача SELinux, що відповідає імені для входу до системи."
#. type: Content of: <reference><refentry><refsect1><para>
-#: sss_usermod.8.xml:140
+#: sss_usermod.8.xml:142
msgid ""
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
@@ -7660,6 +8094,88 @@ msgstr ""
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#: sss_cache.8.xml:108
+#, fuzzy
+#| msgid ""
+#| "<option>-u</option>,<option>--user</option> <replaceable>login</"
+#| "replaceable>"
+msgid ""
+"<option>-s</option>,<option>--service</option> <replaceable>service</"
+"replaceable>"
+msgstr ""
+"<option>-u</option>,<option>--user</option> <replaceable>реєстраційні дані</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:113
+#, fuzzy
+#| msgid "Invalidate specific user."
+msgid "Invalidate specific service."
+msgstr "Скасувати визначення вказаного користувача."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:119
+#, fuzzy
+#| msgid "<option>-U</option>,<option>--users</option>"
+msgid "<option>-S</option>,<option>--services</option>"
+msgstr "<option>-U</option>,<option>--users</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:123
+#, fuzzy
+#| msgid ""
+#| "Invalidate all user records. This option overrides invalidation of "
+#| "specific user if it was also set."
+msgid ""
+"Invalidate all service records. This option overrides invalidation of "
+"specific service if it was also set."
+msgstr ""
+"Скасувати визначення всіх записів. Цей параметр має вищий пріоритет за "
+"параметр скасування визначення для будь-якого користувача, якщо такий "
+"параметр вказано."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:130
+#, fuzzy
+#| msgid ""
+#| "<option>-d</option>,<option>--domain</option> <replaceable>domain</"
+#| "replaceable>"
+msgid ""
+"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
+"replaceable>"
+msgstr ""
+"<option>-d</option>,<option>--domain</option> <replaceable>домен</"
+"replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:135
+#, fuzzy
+#| msgid "Invalidate specific user."
+msgid "Invalidate specific autofs maps."
+msgstr "Скасувати визначення вказаного користувача."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:141
+#, fuzzy
+#| msgid "<option>-U</option>,<option>--users</option>"
+msgid "<option>-A</option>,<option>--autofs-maps</option>"
+msgstr "<option>-U</option>,<option>--users</option>"
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_cache.8.xml:145
+#, fuzzy
+#| msgid ""
+#| "Invalidate all user records. This option overrides invalidation of "
+#| "specific user if it was also set."
+msgid ""
+"Invalidate all autofs maps. This option overrides invalidation of specific "
+"map if it was also set."
+msgstr ""
+"Скасувати визначення всіх записів. Цей параметр має вищий пріоритет за "
+"параметр скасування визначення для будь-якого користувача, якщо такий "
+"параметр вказано."
+
+#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_cache.8.xml:152
msgid ""
"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
"replaceable>"
@@ -7668,7 +8184,7 @@ msgstr ""
"replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
-#: sss_cache.8.xml:113
+#: sss_cache.8.xml:157
msgid "Restrict invalidation process only to a particular domain."
msgstr "Обмежити процедуру скасування визначення лише певним доменом."
@@ -7967,7 +8483,7 @@ msgstr ""
"основі даних, отриманих у відповідь на спеціальний запит до DNS."
#. type: Content of: <refsect1><refsect2><title>
-#: include/service_discovery.xml:9
+#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:57
msgid "Configuration"
msgstr "Налаштування"
@@ -8120,6 +8636,253 @@ msgstr ""
"Якщо список комп’ютерів буде вичерпано, основний модуль перейде у режим "
"автономної роботи і повторюватиме спроби з’єднання кожні 30 секунд."
+#. type: Content of: <refsect1><title>
+#: include/ldap_id_mapping.xml:2
+msgid "ID MAPPING"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:4
+msgid ""
+"The ID-mapping feature allows SSSD to act as a client of Active Directory "
+"without requiring administrators to extend user attributes to support POSIX "
+"attributes for user and group identifiers."
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/ldap_id_mapping.xml:9
+msgid ""
+"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
+"ignored. This is to avoid the possibility of conflicts between automatically-"
+"assigned and manually-assigned values. If you need to use manually-assigned "
+"values, ALL values must be manually-assigned."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/ldap_id_mapping.xml:17
+msgid "Mapping Algorithm"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:19
+msgid ""
+"Active Directory provides an objectSID for every user and group object in "
+"the directory. This objectSID can be broken up into components that "
+"represent the Active Directory domain identity and the relative identifier "
+"(RID) of the user or group object."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:25
+msgid ""
+"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
+"into equally-sized component sections - called \"slices\"-. Each slice "
+"represents the space available to an Active Directory domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:31
+msgid ""
+"When a user or group entry for a particular domain is encountered for the "
+"first time, the SSSD allocates one of the available slices for that domain. "
+"In order to make this slice-assignment repeatable on different client "
+"machines, we select the slice based on the following algorithm:"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:38
+msgid ""
+"The SID string is passed through the murmurhash3 algorithm to convert it to "
+"a 32-bit hashed value. We then take the modulus of this value with the total "
+"number of available slices to pick the slice."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:44
+msgid ""
+"NOTE: It is possible to encounter collisions in the hash and subsequent "
+"modulus. In these situations, we will select the next available slice, but "
+"it may not be possible to reproduce the same exact set of slices on other "
+"machines (since the order that they are encountered will determine their "
+"slice). In this situation, it is recommended to either switch to using "
+"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
+"configure a default domain to guarantee that at least one is always "
+"consistent. See <quote>Configuration</quote> for details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:59
+msgid ""
+"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para><programlisting>
+#: include/ldap_id_mapping.xml:64
+#, no-wrap
+msgid ""
+"ldap_id_mapping = True\n"
+"ldap_schema = ad\n"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/ldap_id_mapping.xml:69
+msgid ""
+"The default configuration results in configuring 10,000 slices, each capable "
+"of holding up to 200,000 IDs, starting from 10,001 and going up to "
+"2,000,100,000. This should be sufficient for most deployments."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><title>
+#: include/ldap_id_mapping.xml:75
+#, fuzzy
+#| msgid "Configuration"
+msgid "Advanced Configuration"
+msgstr "Налаштування"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:78
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_min (integer)"
+msgstr "ldap_page_size (ціле число)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:81
+msgid ""
+"Specifies the lower bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:85
+msgid ""
+"NOTE: This option is different from <quote>id_mn</quote> in that "
+"<quote>id_min</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_min</"
+"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:95
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 10001"
+msgstr "Типове значення: 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:100
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_max (integer)"
+msgstr "ldap_page_size (ціле число)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:103
+msgid ""
+"Specifies the upper bound of the range of POSIX IDs to use for mapping "
+"Active Directory user and group SIDs."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:107
+msgid ""
+"NOTE: This option is different from <quote>id_max</quote> in that "
+"<quote>id_max</quote> acts to filter the output of requests to this domain, "
+"whereas this option controls the range of ID assignment. This is a subtle "
+"distinction, but the good general advice would be to have <quote>id_max</"
+"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:117
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 2000100000"
+msgstr "Типове значення: 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:122
+#, fuzzy
+#| msgid "ldap_page_size (integer)"
+msgid "ldap_idmap_range_size (integer)"
+msgstr "ldap_page_size (ціле число)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:125
+msgid ""
+"Specifies the number of IDs available for each slice. If the range size "
+"does not divide evenly into the min and max values, it will create as many "
+"complete slices as it can."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:131
+#, fuzzy
+#| msgid "Default: 1000"
+msgid "Default: 200000"
+msgstr "Типове значення: 1000"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:136
+#, fuzzy
+#| msgid "ldap_default_bind_dn (string)"
+msgid "ldap_idmap_default_domain_sid (string)"
+msgstr "ldap_default_bind_dn (рядок)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:139
+msgid ""
+"Specify the domain SID of the default domain. This will guarantee that this "
+"domain will always be assigned to slice zero in the ID map, bypassing the "
+"murmurhash algorithm described above."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:150
+#, fuzzy
+#| msgid "ldap_default_bind_dn (string)"
+msgid "ldap_idmap_default_domain (string)"
+msgstr "ldap_default_bind_dn (рядок)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:153
+#, fuzzy
+#| msgid "The type of the authentication token of the default bind DN."
+msgid "Specify the name of the default domain."
+msgstr "Тип розпізнавання для типової назви сервера прив’язки."
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
+#: include/ldap_id_mapping.xml:161
+#, fuzzy
+#| msgid "ldap_id_use_start_tls (boolean)"
+msgid "ldap_idmap_autorid_compat (boolean)"
+msgstr "ldap_id_use_start_tls (булеве значення)"
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:164
+msgid ""
+"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
+"winbind's <quote>idmap_autorid</quote> algorithm."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:169
+msgid ""
+"When this option is configured, domains will be allocated starting with "
+"slice zero and increasing monatomically with each additional domain."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
+#: include/ldap_id_mapping.xml:174
+msgid ""
+"NOTE: This algorithm is non-deterministic (it depends on the order that "
+"users and groups are requested). If this mode is required for compatibility "
+"with machines running winbind, it is recommended to also use the "
+"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
+"least one domain is consistently allocated to slice zero."
+msgstr ""
+
#. type: Content of: <varlistentry><term>
#: include/param_help.xml:3
msgid "<option>-h</option>,<option>--help</option>"
@@ -8272,3 +9035,44 @@ msgstr ""
"<emphasis> Цю можливість ще не перевірено достатнім чином. Будь ласка, якщо "
"помітите якісь вади, повідомте про них за допомогою настанов на сторінці "
"http://fedorahosted.org/sssd. </emphasis>"
+
+#. type: Content of: <refsect1><title>
+#: include/local.xml:2
+msgid "THE LOCAL DOMAIN"
+msgstr "ЛОКАЛЬНИЙ ДОМЕН"
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:4
+msgid ""
+"In order to function correctly, a domain with <quote>id_provider=local</"
+"quote> must be created and the SSSD must be running."
+msgstr ""
+"З метою забезпечення належної роботи слід створити домен з "
+"<quote>id_provider=local</quote> та запустити SSSD."
+
+#. type: Content of: <refsect1><para>
+#: include/local.xml:9
+msgid ""
+"The administrator might want to use the SSSD local users instead of "
+"traditional UNIX users in cases where the group nesting (see <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>) is needed. The local users are also useful for testing and "
+"development of the SSSD without having to deploy a full remote server. The "
+"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
+"local LDB storage to store users and groups."
+msgstr ""
+"Адміністратор може надати перевагу використанню локальних записів "
+"користувачів SSSD замість традиційних записів користувачів UNIX, якщо для "
+"роботи потрібна вкладеність груп (див. <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
+"citerefentry>). Використання локальних записів може також бути корисним для "
+"тестування та розробки програмного забезпечення з підтримкою SSSD (у такому "
+"разі не потрібно розгортати повноцінний віддалений сервер). Інструменти "
+"<command>sss_user*</command> та <command>sss_group*</command> використовують "
+"для зберігання записів користувачів і груп локальне сховище даних LDB."
+
+#~ msgid "Default: 7"
+#~ msgstr "Типове значення: 7"
+
+#~ msgid "<quote>permit</quote> always allow access."
+#~ msgstr "<quote>permit</quote> — завжди дозволяти доступ."