summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/man/po/es.po5411
-rw-r--r--src/man/po/nl.po5408
-rw-r--r--src/man/po/pl.po5328
-rw-r--r--src/man/po/po4a.cfg2
4 files changed, 16148 insertions, 1 deletions
diff --git a/src/man/po/es.po b/src/man/po/es.po
new file mode 100644
index 00000000..ec42b92a
--- /dev/null
+++ b/src/man/po/es.po
@@ -0,0 +1,5411 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Red Hat
+# This file is distributed under the same license as the sssd-docs package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: SSSD\n"
+"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
+"POT-Creation-Date: 2011-01-24 13:36-0500\n"
+"PO-Revision-Date: 2011-03-08 15:06+0000\n"
+"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
+"Language-Team: Spanish (Castilian) <None>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: es\n"
+"Plural-Forms: nplurals=2; plural=(n != 1)\n"
+
+#. type: Content of: <reference><title>
+#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
+#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
+#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
+#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
+#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
+msgid "SSSD Manual pages"
+msgstr "Páginas de manual de SSSD"
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
+msgid "sss_groupmod"
+msgstr "sss_groupmod"
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
+#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
+#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
+#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
+msgid "8"
+msgstr "8"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_groupmod.8.xml:16
+msgid "modify a group"
+msgstr "modifica un grupo"
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_groupmod.8.xml:21
+msgid ""
+"<command>sss_groupmod</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>GROUP</replaceable></arg>"
+msgstr ""
+"<command>sss_groupmod</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>GROUP</replaceable></arg>"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:41
+#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
+#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
+#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
+#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
+msgid "DESCRIPTION"
+msgstr "DESCRIPCION"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupmod.8.xml:32
+msgid ""
+"<command>sss_groupmod</command> modifies the group to reflect the changes "
+"that are specified on the command line."
+msgstr ""
+"<command>sss_groupmod</command> modifica el grupo para reflejar los cambios "
+"indicados en la línea de comandos."
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:48 sssd.8.xml:42 sss_obfuscate.8.xml:59
+#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
+#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
+msgid "OPTIONS"
+msgstr "OPCIONES"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
+msgid ""
+"<option>-a</option>,<option>--append-group</option> "
+"<replaceable>GROUPS</replaceable>"
+msgstr ""
+"<option>-a</option>,<option>--append-group</option> "
+"<replaceable>GROUPS</replaceable>"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_groupmod.8.xml:48
+msgid ""
+"Append this group to groups specified by the "
+"<replaceable>GROUPS</replaceable> parameter. The "
+"<replaceable>GROUPS</replaceable> parameter is a comma separated list of "
+"group names."
+msgstr ""
+"Agrega este grupo a otros grupos que hayan sido indicados con el parámetro "
+"<replaceable>GROUPS</replaceable>. El parámetros "
+"<replaceable>GROUPS</replaceable> es una lista de nombres de grupos "
+"separados por comas."
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
+msgid ""
+"<option>-r</option>,<option>--remove-group</option> "
+"<replaceable>GROUPS</replaceable>"
+msgstr ""
+"<option>-r</option>,<option>--remove-group</option> "
+"<replaceable>GROUPS</replaceable>"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_groupmod.8.xml:62
+msgid ""
+"Remove this group from groups specified by the "
+"<replaceable>GROUPS</replaceable> parameter."
+msgstr ""
+"Elimina este grupo de los grupos especificados con el parámetro "
+"<replaceable>GROUPS</replaceable>"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1389
+#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
+#: sssd-ipa.5.xml:191 sssd.8.xml:166 sss_obfuscate.8.xml:104
+#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
+#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
+#: sss_usermod.8.xml:138
+msgid "SEE ALSO"
+msgstr "VEA TAMBIEN"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupmod.8.xml:74
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+"<citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
+msgid "sssd.conf"
+msgstr "sssd.conf"
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
+#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
+msgid "5"
+msgstr "5"
+
+#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
+#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
+#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
+msgid "File Formats and Conventions"
+msgstr "Formatos de archivo y convenciones"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
+#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
+msgid "the configuration file for SSSD"
+msgstr "El archivo de configuración de SSSD"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:21
+msgid "FILE FORMAT"
+msgstr "Formato de archivo"
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:29
+#, no-wrap
+msgid ""
+" <replaceable>[section]</replaceable>\n"
+" <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
+" <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
+" "
+msgstr ""
+" <replaceable>[section]</replaceable>\n"
+" <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
+" <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
+" "
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:24
+msgid ""
+"The file has an ini-style syntax and consists of sections and parameters. A "
+"section begins with the name of the section in square brackets and continues"
+" until the next section begins. An example of section with single and multi-"
+"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+"El archivo posee una sintaxis de tipo ini consistente de secciones y "
+"parámetros. Una sección comienza con el nombre de dicha sección colocado "
+"entre corchetes, y continua hasta que comienza la próxima sección. Este es "
+"un ejemplo de una sección con parámetros de valores simples y múltiples: "
+"<placeholder type=\"programlisting\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:36
+msgid ""
+"The data types used are string (no quotes needed), integer and bool (with "
+"values of <quote>TRUE/FALSE</quote>)."
+msgstr ""
+"Los tipos de datos utilizados son cadenas (no es necesario ingresarlos entre"
+" comillas), enteros o booleanos (cuyos valores son "
+"<quote>TRUE/FALSE</quote>)."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:41
+msgid ""
+"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+"(<quote>;</quote>)"
+msgstr ""
+"Una línea que ha sido comentada es iniciada con el símbolo numeral "
+"(<quote>#</quote>) o con un punto y coma (<quote>;</quote>)"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:46
+msgid ""
+"All sections can have an optional <replaceable>description</replaceable> "
+"parameter. Its function is only as a label for the section."
+msgstr ""
+"Todas las secciones pueden tener un parámetro opcional de "
+"<replaceable>descripción</replaceable>. Su función es solo la de servir como"
+" etiqueta a tal sección."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:52
+msgid ""
+"<filename>sssd.conf</filename> must be a regular file, owned by root and "
+"only root may read from or write to the file."
+msgstr ""
+"<filename>sssd.conf</filename> debe ser un archivo regular, cuyo dueño sea "
+"el usuario root, y sólo este usuario podrá tener permisos de lectura y "
+"escritura sobre él."
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:58
+msgid "SPECIAL SECTIONS"
+msgstr "SECCIONES ESPECIALES"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:61
+msgid "The [sssd] section"
+msgstr "La sección [sssd]"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><title>
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+msgid "Section parameters"
+msgstr "Parámetros de sección"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:72
+msgid "config_file_version (integer)"
+msgstr "config_file_version (entero)"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:75
+msgid ""
+"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
+"version 2."
+msgstr ""
+"Indica cuál es la sintaxis del archivo de configuración. SSSD 0.6.0 y "
+"posteriores utilizan una versión 2."
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:81
+msgid "services"
+msgstr "servicios"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:84
+msgid ""
+"Comma separated list of services that are started when sssd itself starts."
+msgstr ""
+"Una lista separadas por comas de los servicios que son iniciados cuando se "
+"enciende sssd."
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:88
+msgid "Supported services: nss, pam"
+msgstr "Servicios soportados: nss, pam"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:93 sssd.conf.5.xml:234
+msgid "reconnection_retries (integer)"
+msgstr "reconnection_retries (entero)"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:96 sssd.conf.5.xml:237
+msgid ""
+"Number of times services should attempt to reconnect in the event of a Data "
+"Provider crash or restart before they give up"
+msgstr ""
+"Cantidad de intentos de reconexión de los servicios ante una eventual caída "
+"de datos del proveedor, o de reiniciarse antes de abandonar"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:101 sssd.conf.5.xml:242
+msgid "Default: 3"
+msgstr "Predeterminado: 3"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:106
+msgid "domains"
+msgstr "dominios"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:109
+msgid ""
+"A domain is a database containing user information. SSSD can use more "
+"domains at the same time, but at least one must be configured or SSSD won't "
+"start. This parameter described the list of domains in the order you want "
+"them to be queried."
+msgstr ""
+"Un dominio es una base datos que contiene información del usuario. SSSD "
+"puede utilizar varios dominios al mismo tiempo, pero al menos uno debe ser "
+"configurado. De lo contrario SSSD no podrá iniciarse. Este parámetro "
+"describe una lista de los dominios, en el orden en que se prefiera que sean "
+"consultados."
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:119
+msgid "re_expression (string)"
+msgstr "re_expression (cadena)"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:122
+msgid ""
+"Regular expression that describes how to parse the string containing user "
+"name and domain into these components."
+msgstr ""
+"Expresiones regulares que describen cómo analizar la cadena, conteniendo "
+"nombre de usuariosy dominio en estos componentes."
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:126
+msgid ""
+"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
+"which translates to \"the name is everything up to the <quote>@</quote> "
+"sign, the domain everything after that\""
+msgstr ""
+"Predeterminado: "
+"<quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> que traduce "
+"al \"todo lo que hay hasta el signo <quote>@</quote> es el nombre, el "
+"dominio es el resto detrás de este signo\""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:131
+msgid ""
+"PLEASE NOTE: the support for non-unique named subpatterns is not available "
+"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
+"version 7 or higher can support non-unique named subpatterns."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:138
+msgid ""
+"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax "
+"(?P&lt;name&gt;) to label subpatterns."
+msgstr ""
+"POR FAVOR TENGA EN CUENTA ADEMAS: Versiones anteriores de libpcre sólo "
+"soportan la sintaxis Python (?P&lt;name&gt;) para identificar subpatrones."
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:145
+msgid "full_name_format (string)"
+msgstr "full_name_format (cadena)"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:148
+msgid ""
+"A <citerefentry> <refentrytitle>printf</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry>-compatible format that describes "
+"how to translate a (name, domain) tuple into a fully qualified name."
+msgstr ""
+"Un formato compatible con <citerefentry> "
+"<refentrytitle>printf</refentrytitle> <manvolnum>3</manvolnum> "
+"</citerefentry> que describe cómo traducir una tupla (nombre, dominio), a un"
+" nombre totalmente calificado."
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:156
+msgid "Default: <quote>%1$s@%2$s</quote>."
+msgstr "Predeterminado: <quote>%1$s@%2$s</quote>."
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:161
+msgid "try_inotify (boolean)"
+msgstr "try_inotify (booleano)"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:164
+msgid ""
+"SSSD monitors the state of resolv.conf to identify when it needs to update "
+"its internal DNS resolver. By default, we will attempt to use inotify for "
+"this, and will fall back to polling resolv.conf every five seconds if "
+"inotify cannot be used."
+msgstr ""
+"SSSD monitorea el estado de resolv.conf para saber cuando es necesario "
+"actualizar su resolutor DNS interno. Por defecto, intentaremos utilizar para"
+" ello la herramienta inotify, quien consultará a resolv.conf cada cinco "
+"segundos en caso que inotify no pueda ser utilizado."
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:172
+msgid ""
+"There are some limited situations where it is preferred that we should skip "
+"even trying to use inotify. In these rare cases, this option should be set "
+"to 'false'"
+msgstr ""
+"Existen algunas pocas situaciones en donde lo preferible es evitar el uso de"
+" inotify. En estas raras excepciones, la opción debería ser definida en "
+"'false' "
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:178
+msgid ""
+"Default: true on platforms where inotify is supported. False on other "
+"platforms."
+msgstr ""
+"Predeterminado: 'true' en plataformas donde inotify tenga soporte. 'False' "
+"en el resto de las plataformas."
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:182
+msgid ""
+"Note: this option will have no effect on platforms where inotify is "
+"unavailable. On these platforms, polling will always be used."
+msgstr ""
+"Nota: esta opción no tendrá efecto en plataformas donde inotify no se "
+"encuenytre disponible. En estas plataformas, la consulta (polling) será "
+"utilizada siempre."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:63
+msgid ""
+"Individual pieces of SSSD functionality are provided by special SSSD "
+"services that are started and stopped together with SSSD. The services are "
+"managed by a special service frequently called <quote>monitor</quote>. The "
+"<quote>[sssd]</quote> section is used to configure the monitor as well as "
+"some other important options like the identity domains. <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:195
+msgid "SERVICES SECTIONS"
+msgstr "SECCIONES DE SERVICIOS"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:197
+msgid ""
+"Settings that can be used to configure different services are described in "
+"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
+"section, for example, for NSS service, the section would be "
+"<quote>[nss]</quote>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:204
+msgid "General service configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:206
+msgid "These options can be used to configure any service."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:210
+msgid "debug_level (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:213
+msgid ""
+"Sets the debug level for the service. The value can be in range from 0 (only"
+" critical messages) to 10 (very verbose)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:218 sssd.conf.5.xml:312
+msgid "Default: 0"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:223 sssd.8.xml:58
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:226 sssd.8.xml:61
+msgid "Add a timestamp to the debug messages"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:229 sssd.conf.5.xml:353 sssd-ldap.5.xml:1015
+#: sssd-ldap.5.xml:1120 sssd-ipa.5.xml:155
+msgid "Default: true"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:247
+msgid "command (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:250
+msgid ""
+"By default, the executable representing this service is called "
+"<command>sssd_${service_name}</command>. This directive allows to change "
+"the executable name for the service. In the vast majority of configurations,"
+" the default values should suffice."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:258
+msgid "Default: <command>sssd_${service_name}</command>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:266
+msgid "NSS configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:268
+msgid ""
+"These options can be used to configure the Name Service Switch (NSS) "
+"service."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:273
+msgid "enum_cache_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:276
+msgid ""
+"How many seconds should nss_sss cache enumerations (requests for info about "
+"all users)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:280
+msgid "Default: 120"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:285
+msgid "entry_cache_nowait_percentage (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:288
+msgid ""
+"The entry cache can be set to automatically update entries in the background"
+" if they are requested beyond a percentage of the entry_cache_timeout value "
+"for the domain."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:294
+msgid ""
+"For example, if the domain's entry_cache_timeout is set to 30s and "
+"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
+"after 15 seconds past the last cache update will be returned immediately, "
+"but the SSSD will go and update the cache on its own, so that future "
+"requests will not need to block waiting for a cache update."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:304
+msgid ""
+"Valid values for this option are 0-99 and represent a percentage of the "
+"entry_cache_timeout for each domain. For performance reasons, this "
+"percentage will never reduce the nowait timeout to less than 10 seconds. (0"
+" disables this feature)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:317
+msgid "entry_negative_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:320
+msgid ""
+"Specifies for how many seconds nss_sss should cache negative cache hits "
+"(that is, queries for invalid database entries, like nonexistent ones) "
+"before asking the back end again."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:326 sssd-krb5.5.xml:223
+msgid "Default: 15"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:331
+msgid "filter_users, filter_groups (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:334
+msgid ""
+"Exclude certain users from being fetched from the sss NSS database. This is "
+"particularly useful for system accounts. This option can also be set per-"
+"domain or include fully-qualified names to filter only users from the "
+"particular domain."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:341
+msgid "Default: root"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:346
+msgid "filter_users_in_groups (bool)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:349
+msgid ""
+"If you want filtered user still be group members set this option to false."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:360
+msgid "PAM configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:362
+msgid ""
+"These options can be used to configure the Pluggable Authentication Module "
+"(PAM) service."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367
+msgid "offline_credentials_expiration (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:370
+msgid ""
+"If the authentication provider is offline, how long should we allow cached "
+"logins (in days since the last successful online login)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+msgid "Default: 0 (No limit)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:381
+msgid "offline_failed_login_attempts (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384
+msgid ""
+"If the authentication provider is offline, how many failed login attempts "
+"are allowed."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:394
+msgid "offline_failed_login_delay (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:397
+msgid ""
+"The time in minutes which has to pass after offline_failed_login_attempts "
+"has been reached before a new login attempt is possible."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"If set to 0 the user cannot authenticate offline if "
+"offline_failed_login_attempts has been reached. Only a successful online "
+"authentication can enable enable offline authentication again."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+msgid "Default: 5"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:414
+msgid "pam_verbosity (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:417
+msgid ""
+"Controls what kind of messages are shown to the user during authentication. "
+"The higher the number to more messages are displayed."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Currently sssd supports the following values:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:425
+msgid "<emphasis>0</emphasis>: do not show any message"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:428
+msgid "<emphasis>1</emphasis>: show only important messages"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:432
+msgid "<emphasis>2</emphasis>: show informational messages"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:435
+msgid "<emphasis>3</emphasis>: show all messages and debug information"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:439
+msgid "Default: 1"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:444
+msgid "pam_id_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:447
+msgid ""
+"For any PAM request while SSSD is online, the SSSD will attempt to "
+"immediately update the cached identity information for the user in order to "
+"ensure that authentication takes place with the latest information."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:453
+msgid ""
+"A complete PAM conversation may perform multiple PAM requests, such as "
+"account management and session opening. This option controls (on a per-"
+"client-application basis) how long (in seconds) we can cache the identity "
+"information to avoid excessive round-trips to the identity provider."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:467
+msgid "pam_pwd_expiration_warning (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:470
+msgid "Display a warning N days before the password expires."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:473
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:479
+msgid "Default: 7"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:488
+msgid "DOMAIN SECTIONS"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:495
+msgid "min_id,max_id (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:498
+msgid ""
+"UID and GID limits for the domain. If a domain contains an entry that is "
+"outside these limits, it is ignored."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:503
+msgid ""
+"For users, this affects the primary GID limit. The user will not be returned"
+" to NSS if either the UID or the primary GID is outside the range. For non-"
+"primary group memberships, those that are in range will be reported as "
+"expected."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:510
+msgid "Default: 1 for min_id, 0 (no limit) for max_id"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:516
+msgid "timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:519
+msgid ""
+"Timeout in seconds between heartbeats for this domain. This is used to "
+"ensure that the backend process is alive and capable of answering requests."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:524
+msgid "Default: 10"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:530
+msgid "enumerate (bool)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:533
+msgid ""
+"Determines if a domain can be enumerated. This parameter can have one of the"
+" following values:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:537
+msgid "TRUE = Users and groups are enumerated"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:540
+msgid "FALSE = No enumerations for this domain"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+msgid "Default: FALSE"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:546
+msgid ""
+"Note: Enabling enumeration has a moderate performance impact on SSSD while "
+"enumeration is running. It may take up to several minutes after SSSD startup"
+" to fully complete enumerations. During this time, individual requests for "
+"information will go directly to LDAP, though it may be slow, due to the "
+"heavy enumeration processing."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:556
+msgid ""
+"While the first enumeration is running, requests for the complete user or "
+"group lists may return no results until it completes."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:561
+msgid ""
+"Further, enabling enumeration may increase the time necessary to detect "
+"network disconnection, as longer timeouts are required to ensure that "
+"enumeration lookups are completed successfully. For more information, refer"
+" to the man pages for the specific id_provider in use."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:572
+msgid "entry_cache_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:575
+msgid ""
+"How many seconds should nss_sss consider entries valid before asking the "
+"backend again"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:579
+msgid "Default: 5400"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:584
+msgid "cache_credentials (bool)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:587
+msgid "Determines if user credentials are also cached in the local LDB cache"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:596
+msgid "account_cache_expiration (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:599
+msgid ""
+"Number of days entries are left in cache after last successful login before "
+"being removed during a cleanup of the cache. 0 means keep forever. The "
+"value of this parameter must be greater than or equal to "
+"offline_credentials_expiration."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:606
+msgid "Default: 0 (unlimited)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:612
+msgid "id_provider (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:615
+msgid "The Data Provider identity backend to use for this domain."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:619
+msgid "Supported backends:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:622
+msgid "proxy: Support a legacy NSS provider"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:625
+msgid "local: SSSD internal local provider"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:628
+msgid "ldap: LDAP provider"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:634
+msgid "use_fully_qualified_names (bool)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637
+msgid ""
+"If set to TRUE, all requests to this domain must use fully qualified names. "
+"For example, if used in LOCAL domain that contains a \"test\" user, "
+"<command>getent passwd test</command> wouldn't find the user while "
+"<command>getent passwd test@LOCAL</command> would."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:650
+msgid "auth_provider (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:653
+msgid ""
+"The authentication provider used for the domain. Supported auth providers "
+"are:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:657
+msgid ""
+"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:664
+msgid ""
+"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:671
+msgid ""
+"<quote>proxy</quote> for relaying authentication to some other PAM target."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:674
+msgid "<quote>none</quote> disables authentication explicitly."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:677
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can handle "
+"authentication requests."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:683
+msgid "access_provider (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:686
+msgid ""
+"The access control provider used for the domain. There are two built-in "
+"access providers (in addition to any included in installed backends) "
+"Internal special providers are:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:692
+msgid "<quote>permit</quote> always allow access."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:695
+msgid "<quote>deny</quote> always deny access."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:698
+msgid ""
+"<quote>simple</quote> access control based on access or deny lists. See "
+"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> for more information on configuring "
+"the simple access module."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:705
+msgid "Default: <quote>permit</quote>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:710
+msgid "chpass_provider (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:713
+msgid ""
+"The provider which should handle change password operations for the domain."
+" Supported change password providers are:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:718
+msgid ""
+"<quote>ipa</quote> to change a password stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring"
+" IPA."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:726
+msgid ""
+"<quote>ldap</quote> to change a password stored in a LDAP server. See "
+"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring"
+" LDAP."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:734
+msgid ""
+"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:742
+msgid ""
+"<quote>proxy</quote> for relaying password changes to some other PAM target."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:746
+msgid "<quote>none</quote> disallows password changes explicitly."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:749
+msgid ""
+"Default: <quote>auth_provider</quote> is used if it is set and can handle "
+"change password requests."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:756
+msgid "lookup_family_order (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:759
+msgid ""
+"Provides the ability to select preferred address family to use when "
+"performing DNS lookups."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:763
+msgid "Supported values:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:766
+msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:769
+msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:772
+msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:775
+msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:778
+msgid "Default: ipv4_first"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:784
+msgid "dns_resolver_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:787
+msgid ""
+"Defines the amount of time (in seconds) to wait for a reply from the DNS "
+"resolver before assuming that it is unreachable. If this timeout is reached,"
+" the domain will continue to operate in offline mode."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:799
+msgid "dns_discovery_domain (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:802
+msgid ""
+"If service discovery is used in the back end, specifies the domain part of "
+"the service discovery DNS query."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:806
+msgid "Default: Use the domain part of machine's hostname"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:490
+msgid ""
+"These configuration options can be present in a domain configuration "
+"section, that is, in a section called "
+"<quote>[domain/<replaceable>NAME</replaceable>]</quote> <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:818
+msgid "proxy_pam_target (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:821
+msgid "The proxy target PAM proxies to."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:824
+msgid ""
+"Default: not set by default, you have to take an existing pam configuration "
+"or create a new one and add the service name here."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:832
+msgid "proxy_lib_name (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:835
+msgid ""
+"The name of the NSS library to use in proxy domains. The NSS functions "
+"searched for in the library are in the form of _nss_$(libName)_$(function), "
+"for example _nss_files_getpwent."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:814
+msgid ""
+"Options valid for proxy domains. <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:847
+msgid "The local domain section"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:849
+msgid ""
+"This section contains settings for domain that stores users and groups in "
+"SSSD native database, that is, a domain that uses "
+"<replaceable>id_provider=local</replaceable>."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:856
+msgid "default_shell (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:859
+msgid "The default shell for users created with SSSD userspace tools."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:863
+msgid "Default: <filename>/bin/bash</filename>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:868
+msgid "base_directory (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:871
+msgid ""
+"The tools append the login name to <replaceable>base_directory</replaceable>"
+" and use that as the home directory."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:876
+msgid "Default: <filename>/home</filename>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:881
+msgid "create_homedir (bool)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:884
+msgid ""
+"Indicate if a home directory should be created by default for new users. "
+"Can be overridden on command line."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+msgid "Default: TRUE"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "remove_homedir (bool)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid ""
+"Indicate if a home directory should be removed by default for deleted users."
+" Can be overridden on command line."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:905
+msgid "homedir_umask (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:908
+msgid ""
+"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
+"on a newly created home directory."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:916
+msgid "Default: 077"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:921
+msgid "skel_dir (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:924
+msgid ""
+"The skeleton directory, which contains files and directories to be copied in"
+" the user's home directory, when the home directory is created by "
+"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:934
+msgid "Default: <filename>/etc/skel</filename>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:939
+msgid "mail_dir (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:942
+msgid ""
+"The mail spool directory. This is needed to manipulate the mailbox when its "
+"corresponding user account is modified or deleted. If not specified, a "
+"default value is used."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:949
+msgid "Default: <filename>/var/mail</filename>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:954
+msgid "userdel_cmd (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:957
+msgid ""
+"The command that is run after a user is removed. The command us passed the "
+"username of the user being removed as the first and only parameter. The "
+"return code of the command is not taken into account."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:963
+msgid "Default: None, no command is run"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1357 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:173 sssd-krb5.5.xml:405
+msgid "EXAMPLE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:979
+#, no-wrap
+msgid ""
+"[sssd]\n"
+"domains = LDAP\n"
+"services = nss, pam\n"
+"config_file_version = 2\n"
+"\n"
+"[nss]\n"
+"filter_groups = root\n"
+"filter_users = root\n"
+"\n"
+"[pam]\n"
+"\n"
+"[domain/LDAP]\n"
+"id_provider = ldap\n"
+"ldap_uri = ldap://ldap.example.com\n"
+"ldap_search_base = dc=example,dc=com\n"
+"\n"
+"auth_provider = krb5\n"
+"krb5_server = kerberos.example.com\n"
+"krb5_realm = EXAMPLE.COM\n"
+"cache_credentials = true\n"
+"\n"
+"min_id = 10000\n"
+"max_id = 20000\n"
+"enumerate = False\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:975
+msgid ""
+"The following example shows a typical SSSD config. It does not describe "
+"configuration of the domains themselves - refer to documentation on "
+"configuring domains for more details. <placeholder type=\"programlisting\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:1010
+msgid ""
+"<citerefentry> <refentrytitle>sssd-"
+"ldap</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry>"
+" <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
+msgid "sssd-ldap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:23
+msgid ""
+"This manual page describes the configuration of LDAP domains for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax "
+"information."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:35
+msgid "You can configure SSSD to use more than one LDAP domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:38
+msgid ""
+"LDAP back end supports id, auth, access and chpass providers. If you want to"
+" authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
+"<command>sssd</command> <emphasis>does not</emphasis> support authentication"
+" over an unencrypted channel. If the LDAP server is used only as an "
+"identity provider, an encrypted channel is not needed. Please refer to "
+"<quote>ldap_access_filter</quote> config option for more information about "
+"using LDAP as an access provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-krb5.5.xml:63
+msgid "CONFIGURATION OPTIONS"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:60
+msgid "ldap_uri (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:63
+msgid ""
+"Specifies the list of URIs of the LDAP servers to which SSSD should connect "
+"in the order of preference. Refer to the <quote>FAILOVER</quote> section for"
+" more information on failover and server redundancy. If not specified, "
+"service discovery is enabled. For more information, refer to the "
+"<quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:73
+msgid "ldap_chpass_uri (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:76
+msgid ""
+"Specifies the list of URIs of the LDAP servers to which SSSD should connect "
+"in the order of preference to change the password of a user. Refer to the "
+"<quote>FAILOVER</quote> section for more information on failover and server "
+"redundancy."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:83
+msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:87
+msgid "Default: empty, i.e. ldap_uri is used."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:93
+msgid "ldap_search_base (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:96
+msgid "The default base DN to use for performing LDAP user operations."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:100
+msgid ""
+"Default: If not set the value of the defaultNamingContext or namingContexts "
+"attribute from the RootDSE of the LDAP server is used. If "
+"defaultNamingContext does not exists or has an empty value namingContexts is"
+" used. The namingContexts attribute must have a single value with the DN of"
+" the search base of the LDAP server to make this work. Multiple values are "
+"are not supported."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:114
+msgid "ldap_schema (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:117
+msgid ""
+"Specifies the Schema Type in use on the target LDAP server. Depending on "
+"the selected schema, the default attribute names retrieved from the servers "
+"may vary. The way that some attributes are handled may also differ. Three "
+"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
+"difference between these schema types is how group memberships are recorded "
+"in the server. With rfc2307, group members are listed by name in the "
+"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
+"members are listed by DN and stored in the <emphasis>member</emphasis> "
+"attribute."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:136
+msgid "Default: rfc2307"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:142
+msgid "ldap_default_bind_dn (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:145
+msgid "The default bind DN to use for performing LDAP operations."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:152
+msgid "ldap_default_authtok_type (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:155
+msgid "The type of the authentication token of the default bind DN."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:159
+msgid "The two mechanisms currently supported are:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:162
+msgid "password"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:165
+msgid "obfuscated_password"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:171
+msgid "ldap_default_authtok (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:174
+msgid ""
+"The authentication token of the default bind DN. Only clear text passwords "
+"are currently supported."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:181
+msgid "ldap_user_object_class (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:184
+msgid "The object class of a user entry in LDAP."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:187
+msgid "Default: posixAccount"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:193
+msgid "ldap_user_name (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:196
+msgid "The LDAP attribute that corresponds to the user's login name."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:200
+msgid "Default: uid"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:206
+msgid "ldap_user_uid_number (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:209
+msgid "The LDAP attribute that corresponds to the user's id."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:213
+msgid "Default: uidNumber"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:219
+msgid "ldap_user_gid_number (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:222
+msgid "The LDAP attribute that corresponds to the user's primary group id."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:226 sssd-ldap.5.xml:622
+msgid "Default: gidNumber"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:232
+msgid "ldap_user_gecos (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:235
+msgid "The LDAP attribute that corresponds to the user's gecos field."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:239
+msgid "Default: gecos"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:245
+msgid "ldap_user_home_directory (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:248
+msgid ""
+"The LDAP attribute that contains the name of the user's home directory."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:252
+msgid "Default: homeDirectory"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:258
+msgid "ldap_user_shell (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:261
+msgid "The LDAP attribute that contains the path to the user's default shell."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:265
+msgid "Default: loginShell"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:271
+msgid "ldap_user_uuid (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:274
+msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:278 sssd-ldap.5.xml:648 sssd-ldap.5.xml:741
+msgid "Default: nsUniqueId"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:284
+msgid "ldap_user_modify_timestamp (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:287 sssd-ldap.5.xml:657 sssd-ldap.5.xml:750
+msgid ""
+"The LDAP attribute that contains timestamp of the last modification of the "
+"parent object."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:291 sssd-ldap.5.xml:661 sssd-ldap.5.xml:754
+msgid "Default: modifyTimestamp"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:297
+msgid "ldap_user_shadow_last_change (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:300
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> counterpart (date of the last password change)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:310
+msgid "Default: shadowLastChange"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:316
+msgid "ldap_user_shadow_min (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:319
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> counterpart (minimum password age)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:328
+msgid "Default: shadowMin"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:334
+msgid "ldap_user_shadow_max (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:337
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> counterpart (maximum password age)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:346
+msgid "Default: shadowMax"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:352
+msgid "ldap_user_shadow_warning (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:355
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> counterpart (password warning period)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:365
+msgid "Default: shadowWarning"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:371
+msgid "ldap_user_shadow_inactive (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:374
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> counterpart (password inactivity period)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:384
+msgid "Default: shadowInactive"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:390
+msgid "ldap_user_shadow_expire (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:393
+msgid ""
+"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this"
+" parameter contains the name of an LDAP attribute corresponding to its "
+"<citerefentry> <refentrytitle>shadow</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> counterpart (account expiration "
+"date)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:403
+msgid "Default: shadowExpire"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:409
+msgid "ldap_user_krb_last_pwd_change (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:412
+msgid ""
+"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of"
+" an LDAP attribute storing the date and time of last password change in "
+"kerberos."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:418
+msgid "Default: krbLastPwdChange"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:424
+msgid "ldap_user_krb_password_expiration (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:427
+msgid ""
+"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of"
+" an LDAP attribute storing the date and time when current password expires."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:433
+msgid "Default: krbPasswordExpiration"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:439
+msgid "ldap_user_ad_account_expires (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:442
+msgid ""
+"When using ldap_account_expire_policy=ad, this parameter contains the name "
+"of an LDAP attribute storing the expiration time of the account."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:447
+msgid "Default: accountExpires"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:453
+msgid "ldap_user_ad_user_account_control (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:456
+msgid ""
+"When using ldap_account_expire_policy=ad, this parameter contains the name "
+"of an LDAP attribute storing the user account control bit field."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:461
+msgid "Default: userAccountControl"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:467
+msgid "ldap_ns_account_lock (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:470
+msgid ""
+"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
+"determines if access is allowed or not."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:475
+msgid "Default: nsAccountLock"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:481
+msgid "ldap_user_principal (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:484
+msgid ""
+"The LDAP attribute that contains the user's Kerberos User Principal Name "
+"(UPN)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:488
+msgid "Default: krbPrincipalName"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:494
+msgid "ldap_force_upper_case_realm (boolean)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:497
+msgid ""
+"Some directory servers, for example Active Directory, might deliver the "
+"realm part of the UPN in lower case, which might cause the authentication to"
+" fail. Set this option to a non-zero value if you want to use an upper-case "
+"realm."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:504 sssd-ldap.5.xml:961 sssd-ipa.5.xml:115 sssd.8.xml:64
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:266
+msgid "Default: false"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:510
+msgid "ldap_enumeration_refresh_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:513
+msgid ""
+"The LDAP attribute that contains how many seconds SSSD has to wait before "
+"refreshing its cache of enumerated records."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:518
+msgid "Default: 300"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:524
+msgid "ldap_purge_cache_timeout"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:527
+msgid ""
+"Determine how often to check the cache for inactive entries (such as groups "
+"with no members and users who have never logged in) and remove them to save "
+"space."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:533
+msgid "Setting this option to zero will disable the cache cleanup operation."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:537
+msgid "Default: 10800 (12 hours)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:543
+msgid "ldap_user_fullname (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:546
+msgid "The LDAP attribute that corresponds to the user's full name."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:550 sssd-ldap.5.xml:609 sssd-ldap.5.xml:702
+msgid "Default: cn"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:556
+msgid "ldap_user_member_of (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:559
+msgid "The LDAP attribute that lists the user's group memberships."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:563
+msgid "Default: memberOf"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:569
+msgid "ldap_user_authorized_service (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:572
+msgid ""
+"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
+"use the presence of the authorizedService attribute in the user's LDAP entry"
+" to determine access privilege."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:579
+msgid ""
+"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
+"explicit allow (svc) and finally for allow_all (*)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:584
+msgid "Default: authorizedService"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:590
+msgid "ldap_group_object_class (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:593
+msgid "The object class of a group entry in LDAP."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:596
+msgid "Default: posixGroup"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:602
+msgid "ldap_group_name (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:605
+msgid "The LDAP attribute that corresponds to the group name."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:615
+msgid "ldap_group_gid_number (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:618
+msgid "The LDAP attribute that corresponds to the group's id."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:628
+msgid "ldap_group_member (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:631
+msgid "The LDAP attribute that contains the names of the group's members."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:635
+msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:641
+msgid "ldap_group_uuid (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:644
+msgid ""
+"The LDAP attribute that contains the UUID/GUID of an LDAP group object."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:654
+msgid "ldap_group_modify_timestamp (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:667
+msgid "ldap_group_nesting_level (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:670
+msgid ""
+"If ldap_schema is set to a schema format that supports nested groups (e.g. "
+"RFC2307bis), then this option controls how many levels of nesting SSSD will "
+"follow. This option has no effect on the RFC2307 schema."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:677
+msgid "Default: 2"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:683
+msgid "ldap_netgroup_object_class (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:686
+msgid "The object class of a netgroup entry in LDAP."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:689
+msgid "Default: nisNetgroup"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:695
+msgid "ldap_netgroup_name (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:698
+msgid "The LDAP attribute that corresponds to the netgroup name."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:708
+msgid "ldap_netgroup_member (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:711
+msgid "The LDAP attribute that contains the names of the netgroup's members."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:715
+msgid "Default: memberNisNetgroup"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:721
+msgid "ldap_netgroup_triple (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:724
+msgid ""
+"The LDAP attribute that contains the (host, user, domain) netgroup triples."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:728
+msgid "Default: nisNetgroupTriple"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:734
+msgid "ldap_netgroup_uuid (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:737
+msgid ""
+"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:747
+msgid "ldap_netgroup_modify_timestamp (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:760
+msgid "ldap_search_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:763
+msgid ""
+"Specifies the timeout (in seconds) that ldap searches are allowed to run "
+"before they are cancelled and cached results are returned (and offline mode "
+"is entered)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:769
+msgid ""
+"Note: this option is subject to change in future versions of the SSSD. It "
+"will likely be replaced at some point by a series of timeouts for specific "
+"lookup types."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:775 sssd-ldap.5.xml:817 sssd-ldap.5.xml:832
+msgid "Default: 6"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:781
+msgid "ldap_enumeration_search_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:784
+msgid ""
+"Specifies the timeout (in seconds) that ldap searches for user and group "
+"enumerations are allowed to run before they are cancelled and cached results"
+" are returned (and offline mode is entered)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:791
+msgid "Default: 60"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:797
+msgid "ldap_network_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:800
+msgid ""
+"Specifies the timeout (in seconds) after which the <citerefentry> "
+"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> "
+"</citerefentry>/<citerefentry> <refentrytitle>select</refentrytitle> "
+"<manvolnum>2</manvolnum> </citerefentry> following a <citerefentry> "
+"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> "
+"</citerefentry> returns in case of no activity."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:823
+msgid "ldap_opt_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:826
+msgid ""
+"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
+"will abort if no response is received. Also controls the timeout when "
+"communicating with the KDC in case of SASL bind."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:838
+msgid "ldap_tls_reqcert (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:841
+msgid ""
+"Specifies what checks to perform on server certificates in a TLS session, if"
+" any. It can be specified as one of the following values:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:847
+msgid ""
+"<emphasis>never</emphasis> = The client will not request or check any server"
+" certificate."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
+msgid ""
+"<emphasis>allow</emphasis> = The server certificate is requested. If no "
+"certificate is provided, the session proceeds normally. If a bad certificate"
+" is provided, it will be ignored and the session proceeds normally."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:858
+msgid ""
+"<emphasis>try</emphasis> = The server certificate is requested. If no "
+"certificate is provided, the session proceeds normally. If a bad certificate"
+" is provided, the session is immediately terminated."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid ""
+"<emphasis>demand</emphasis> = The server certificate is requested. If no "
+"certificate is provided, or a bad certificate is provided, the session is "
+"immediately terminated."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:870
+msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:874
+msgid "Default: hard"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:880
+msgid "ldap_tls_cacert (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:883
+msgid ""
+"Specifies the file that contains certificates for all of the Certificate "
+"Authorities that <command>sssd</command> will recognize."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:888 sssd-ldap.5.xml:906 sssd-ldap.5.xml:947
+msgid ""
+"Default: use OpenLDAP defaults, typically in "
+"<filename>/etc/openldap/ldap.conf</filename>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:895
+msgid "ldap_tls_cacertdir (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:898
+msgid ""
+"Specifies the path of a directory that contains Certificate Authority "
+"certificates in separate individual files. Typically the file names need to "
+"be the hash of the certificate followed by '.0'. If available, "
+"<command>cacertdir_rehash</command> can be used to create the correct names."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:913
+msgid "ldap_tls_cert (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:916
+msgid "Specifies the file that contains the certificate for the client's key."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:920 sssd-ldap.5.xml:932 sssd-krb5.5.xml:356
+msgid "Default: not set"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:926
+msgid "ldap_tls_key (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:929
+msgid "Specifies the file that contains the client's key."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:938
+msgid "ldap_tls_cipher_suite (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:941
+msgid ""
+"Specifies acceptable cipher suites. Typically this is a colon sperated "
+"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> for format."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:954
+msgid "ldap_id_use_start_tls (boolean)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:957
+msgid ""
+"Specifies that the id_provider connection must also use <systemitem "
+"class=\"protocol\">tls</systemitem> to protect the channel."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:967
+msgid "ldap_sasl_mech (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:970
+msgid ""
+"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
+"supported."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:974 sssd-ldap.5.xml:1102
+msgid "Default: none"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:980
+msgid "ldap_sasl_authid (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:983
+msgid ""
+"Specify the SASL authorization id to use. When GSSAPI is used, this "
+"represents the Kerberos principal used for authentication to the directory."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:988
+msgid "Default: host/machine.fqdn@REALM"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:994
+msgid "ldap_krb5_keytab (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:997
+msgid "Specify the keytab to use when using SASL/GSSAPI."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1000
+msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1006
+msgid "ldap_krb5_init_creds (boolean)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1009
+msgid ""
+"Specifies that the id_provider should init Kerberos credentials (TGT). This"
+" action is performed only if SASL is used and the mechanism selected is "
+"GSSAPI."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1021
+msgid "ldap_krb5_ticket_lifetime (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1024
+msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1028
+msgid "Default: 86400 (24 hours)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1034 sssd-krb5.5.xml:74
+msgid "krb5_server (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1037 sssd-krb5.5.xml:77
+msgid ""
+"Specifies the list of IP addresses or hostnames of the Kerberos servers to "
+"which SSSD should connect in the order of preference. For more information "
+"on failover and server redundancy, see the <quote>FAILOVER</quote> section. "
+"An optional port number (preceded by a colon) may be appended to the "
+"addresses or hostnames. If empty, service discovery is enabled - for more "
+"information, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1049 sssd-krb5.5.xml:89
+msgid ""
+"When using service discovery for KDC or kpasswd servers, SSSD first searches"
+" for DNS entries that specify _udp as the protocol and falls back to _tcp if"
+" none are found."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1054 sssd-krb5.5.xml:94
+msgid ""
+"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD."
+" While the legacy name is recognized for the time being, users are advised "
+"to migrate their config files to use <quote>krb5_server</quote> instead."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1063 sssd-krb5.5.xml:103
+msgid "krb5_realm (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1066
+msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1069
+msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1075
+msgid "ldap_pwd_policy (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1078
+msgid ""
+"Select the policy to evaluate the password expiration on the client side. "
+"The following values are allowed:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1083
+msgid ""
+"<emphasis>none</emphasis> - No evaluation on the client side. This option "
+"cannot disable server-side password policies."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1088
+msgid ""
+"<emphasis>shadow</emphasis> - Use "
+"<citerefentry><refentrytitle>shadow</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> style attributes to evaluate if the "
+"password has expired. Note that the current version of sssd cannot update "
+"this attribute during a password change."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1096
+msgid ""
+"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
+"to determine if the password has expired. Use chpass_provider=krb5 to update"
+" these attributes when the password is changed."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1108
+msgid "ldap_referrals (boolean)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1111
+msgid "Specifies whether automatic referral chasing should be enabled."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1115
+msgid ""
+"Please note that sssd only supports referral chasing when it is compiled "
+"with OpenLDAP version 2.4.13 or higher."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1126
+msgid "ldap_dns_service_name (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1129
+msgid "Specifies the service name to use when service discovery is enabled."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133
+msgid "Default: ldap"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1139
+msgid "ldap_chpass_dns_service_name (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1142
+msgid ""
+"Specifies the service name to use to find an LDAP server which allows "
+"password changes when service discovery is enabled."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1147
+msgid "Default: not set, i.e. service discovery is disabled"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1153
+msgid "ldap_access_filter (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1156
+msgid ""
+"If using access_provider = ldap, this option is mandatory. It specifies an "
+"LDAP search filter criteria that must be met for the user to be granted "
+"access on this host. If access_provider = ldap and this option is not set, "
+"it will result in all users being denied access. Use access_provider = allow"
+" to change this default behavior."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1166
+msgid "Example:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ldap.5.xml:1169
+#, no-wrap
+msgid ""
+"access_provider = ldap\n"
+"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+" "
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1173
+msgid ""
+"This example means that access to this host is restricted to members of the "
+"\"allowedusers\" group in ldap."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1178
+msgid ""
+"Offline caching for this feature is limited to determining whether the "
+"user's last online login was granted access permission. If they were granted"
+" access during their last login, they will continue to be granted access "
+"while offline and vice-versa."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1186 sssd-ldap.5.xml:1227
+msgid "Default: Empty"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1192
+msgid "ldap_account_expire_policy (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1195
+msgid ""
+"With this option a client side evaluation of access control attributes can "
+"be enabled."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1199
+msgid ""
+"Please note that it is always recommended to use server side access control,"
+" i.e. the LDAP server should deny the bind request with a suitable error "
+"code even if the password is correct."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1206
+msgid "The following values are allowed:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1209
+msgid ""
+"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
+"determine if the account is expired."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1214
+msgid ""
+"<emphasis>ad</emphasis>: use the value of the 32bit field "
+"ldap_user_ad_user_account_control and allow access if the second bit is not "
+"set. If the attribute is missing access is granted. Also the expiration time"
+" of the account is checked."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1221
+msgid ""
+"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, "
+"<emphasis>389ds</emphasis>: use the value of ldap_ns_account_lock to check "
+"if access is allowed or not."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1233
+msgid "ldap_access_order (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1236
+msgid "Comma separated list of access control options. Allowed values are:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1240
+msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1243
+msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1247
+msgid ""
+"<emphasis>authorized_service</emphasis>: use the authorizedService attribute"
+" to determine access"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1252
+msgid "Default: filter"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1255
+msgid ""
+"Please note that it is a configuration error if a value is used more than "
+"once."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1262
+msgid "ldap_deref (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1265
+msgid ""
+"Specifies how alias dereferencing is done when performing a search. The "
+"following options are allowed:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1270
+msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1274
+msgid ""
+"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
+"the base object, but not in locating the base object of the search."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1279
+msgid ""
+"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
+"the base object of the search."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1284
+msgid ""
+"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
+"in locating the base object of the search."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1289
+msgid ""
+"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
+"client libraries)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:51
+msgid ""
+"All of the common configuration options that apply to SSSD domains also "
+"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page for full details. "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:1301
+msgid "ADVANCED OPTIONS"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1308
+msgid "ldap_netgroup_search_base (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1311
+msgid ""
+"An optional base DN to restrict netgroup searches to a specific subtree."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1315 sssd-ldap.5.xml:1329 sssd-ldap.5.xml:1343
+msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1322
+msgid "ldap_user_search_base (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1325
+msgid "An optional base DN to restrict user searches to a specific subtree."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1336
+msgid "ldap_group_search_base (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1339
+msgid "An optional base DN to restrict group searches to a specific subtree."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1303
+msgid ""
+"These options are supported by LDAP domains, but they should be used with "
+"caution. Please include them in your configuration only if you know what you"
+" are doing. <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1359
+msgid ""
+"The following example assumes that SSSD is correctly configured and LDAP is "
+"set to one of the domains in the <replaceable>[domains]</replaceable> "
+"section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ldap.5.xml:1365
+#, no-wrap
+msgid ""
+" [domain/LDAP]\n"
+" id_provider = ldap\n"
+" auth_provider = ldap\n"
+" ldap_uri = ldap://ldap.mydomain.org\n"
+" ldap_search_base = dc=mydomain,dc=org\n"
+" ldap_tls_reqcert = demand\n"
+" cache_credentials = true\n"
+" enumerate = true\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1364 sssd-simple.5.xml:134 sssd-ipa.5.xml:181
+#: sssd-krb5.5.xml:414
+msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:1378 sssd_krb5_locator_plugin.8.xml:61
+msgid "NOTES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1380
+msgid ""
+"The descriptions of some of the configuration options in this manual page "
+"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
+"distribution."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1391
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> <refentrytitle>sssd-"
+"krb5</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry>"
+" <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <refentryinfo>
+#: pam_sss.8.xml:8 include/upstream.xml:2
+msgid ""
+"<productname>SSSD</productname> <orgname>The SSSD upstream - "
+"http://fedorahosted.org/sssd</orgname>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: pam_sss.8.xml:13 pam_sss.8.xml:18
+msgid "pam_sss"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: pam_sss.8.xml:19
+msgid "PAM module for SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: pam_sss.8.xml:24
+msgid ""
+"<command>pam_sss.so</command> <arg choice='opt'> "
+"<replaceable>forward_pass</replaceable> </arg> <arg choice='opt'> "
+"<replaceable>use_first_pass</replaceable> </arg> <arg choice='opt'> "
+"<replaceable>use_authtok</replaceable> </arg> <arg choice='opt'> "
+"<replaceable>retry=N</replaceable> </arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:42
+msgid ""
+"<command>pam_sss.so</command> is the PAM interface to the System Security "
+"Services daemon (SSSD). Errors and results are logged through "
+"<command>syslog(3)</command> with the LOG_AUTHPRIV facility."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:52
+msgid "<option>forward_pass</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:55
+msgid ""
+"If <option>forward_pass</option> is set the entered password is put on the "
+"stack for other PAM modules to use."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:62
+msgid "<option>use_first_pass</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:65
+msgid ""
+"The argument use_first_pass forces the module to use a previous stacked "
+"modules password and will never prompt the user - if no password is "
+"available or the password is not appropriate, the user will be denied "
+"access."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:73
+msgid "<option>use_authtok</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:76
+msgid ""
+"When password changing enforce the module to set the new password to the one"
+" provided by a previously stacked password module."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:83
+msgid "<option>retry=N</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:86
+msgid ""
+"If specified the user is asked another N times for a password if "
+"authentication fails. Default is 0."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:88
+msgid ""
+"Please note that this option might not work as expected if the application "
+"calling PAM handles the user dialog on its own. A typical example is "
+"<command>sshd</command> with <option>PasswordAuthentication</option>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: pam_sss.8.xml:99
+msgid "MODULE TYPES PROVIDED"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:100
+msgid ""
+"All module types (<option>account</option>, <option>auth</option>, "
+"<option>password</option> and <option>session</option>) are provided."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: pam_sss.8.xml:106
+msgid "FILES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:107
+msgid ""
+"If a password reset by root fails, because the corresponding SSSD provider "
+"does not support password resets, an individual message can be displayed. "
+"This message can e.g. contain instructions about how to reset a password."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:112
+msgid ""
+"The message is read from the file "
+"<filename>pam_sss_pw_reset_message.LOC</filename> where LOC stands for a "
+"locale string returned by <citerefentry> "
+"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> "
+"</citerefentry>. If there is no matching file the content of "
+"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be"
+" the owner of the files and only root may have read and write permissions "
+"while all other users must have only read permisssions."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:122
+msgid ""
+"These files are searched in the directory "
+"<filename>/etc/sssd/customize/DOMAIN_NAME/</filename>. If no matching file "
+"is present a generic message is displayed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:130
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
+msgid "sssd_krb5_locator_plugin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:22
+msgid ""
+"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
+"used by the Kerberos provider of <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry>"
+" to tell the Kerberos libraries what Realm and which KDC to use. Typically "
+"this is done in <citerefentry> <refentrytitle>krb5.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> which is always read by the "
+"Kerberos libraries. To simplyfy the configuration the Realm and the KDC can "
+"be defined in <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> as described in <citerefentry> "
+"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:48
+msgid ""
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry> puts the Realm and the name or IP address of the KDC into "
+"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
+"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
+"libraries it reads and evaluates these variable and returns them to the "
+"libraries."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:63
+msgid ""
+"Not all Kerberos implementations support the use of plugins. If "
+"<command>sssd_krb5_locator_plugin</command> is not available on your system "
+"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:69
+msgid ""
+"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
+"debug messages will be sent to stderr."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:77
+msgid ""
+"<citerefentry> <refentrytitle>sssd-"
+"krb5</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry>"
+" <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
+msgid "sssd-simple"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-simple.5.xml:17
+msgid "the configuration file for SSSD's 'simple' access-control provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:24
+msgid ""
+"This manual page describes the configuration of the simple access-control "
+"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, "
+"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:38
+msgid ""
+"The simple access provider grants or denies access based on an access or "
+"deny list of user or group names. The following rules apply:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:43
+msgid "If all lists are empty, access is granted"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:47
+msgid ""
+"If any list is provided, the order of evaluation is allow,deny. This means "
+"that any matching deny rule will supersede any matched allow rule."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:54
+msgid ""
+"If either or both \"allow\" lists are provided, all users are denied unless "
+"they appear in the list."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:60
+msgid ""
+"If only \"deny\" lists are provided, all users are granted access unless "
+"they appear in the list."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:78
+msgid "simple_allow_users (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:81
+msgid "Comma separated list of users who are allowed to log in."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:88
+msgid "simple_deny_users (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:91
+msgid "Comma separated list of users who are explicitly denied access."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:97
+msgid "simple_allow_groups (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:100
+msgid ""
+"Comma separated list of groups that are allowed to log in. This applies only"
+" to groups within this SSSD domain. Local groups are not evaluated."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:108
+msgid "simple_deny_groups (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:111
+msgid ""
+"Comma separated list of groups that are explicitly denied access. This "
+"applies only to groups within this SSSD domain. Local groups are not "
+"evaluated."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+msgid ""
+"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> manual page for details on the configuration of an SSSD "
+"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:120
+msgid ""
+"Please note that it is an configuration error if both, simple_allow_users "
+"and simple_deny_users, are defined."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:128
+msgid ""
+"The following example assumes that SSSD is correctly configured and "
+"example.com is one of the domains in the <replaceable>[sssd]</replaceable> "
+"section. This examples shows only the simple access provider-specific "
+"options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-simple.5.xml:135
+#, no-wrap
+msgid ""
+" [domain/example.com]\n"
+" access_provider = simple\n"
+" simple_allow_users = user1, user2\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:145
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
+msgid "sssd-ipa"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:23
+msgid ""
+"This manual page describes the configuration of the IPA provider for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:36
+msgid ""
+"The IPA provider is a back end used to connect to an IPA server. (Refer to "
+"the freeipa.org web site for information about IPA servers.) This provider "
+"requires that the machine be joined to the IPA domain; configuration is "
+"almost entirely self-discovered and obtained directly from the server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:43
+msgid ""
+"The IPA provider accepts the same options used by the <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> identity provider and the <citerefentry> <refentrytitle"
+">sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> "
+"authentication provider. However, it is neither necessary nor recommended "
+"to set these options. IPA provider can also be used as an access and chpass"
+" provider. As an access provider it uses HBAC (host-based access control) "
+"rules. Please refer to freeipa.org for more information about HBAC. No "
+"configuration of access provider is required on the client side."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:69
+msgid "ipa_domain (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:72
+msgid ""
+"Specifies the name of the IPA domain. This is optional. If not provided, "
+"the configuration domain name is used."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:80
+msgid "ipa_server (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:83
+msgid ""
+"The list of IP addresses or hostnames of the IPA servers to which SSSD "
+"should connect in the order of preference. For more information on failover "
+"and server redundancy, see the <quote>FAILOVER</quote> section. This is "
+"optional if autodiscovery is enabled. For more information on service "
+"discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:96
+msgid "ipa_hostname (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:99
+msgid ""
+"Optional. May be set on machines where the hostname(5) does not reflect the "
+"fully qualified name used in the IPA domain to identify this host."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:107
+msgid "ipa_dyndns_update (boolean)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:110
+msgid ""
+"Optional. This option tells SSSD to automatically update the DNS server "
+"built into FreeIPA v2 with the IP address of this client."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:121
+msgid "ipa_dyndns_iface (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:124
+msgid ""
+"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
+"interface whose IP address should be used for dynamic DNS updates."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:129
+msgid "Default: Use the IP address of the IPA LDAP connection"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:135
+msgid "ipa_hbac_search_base (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:138
+msgid ""
+"Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:142
+msgid "Default: Use base DN"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+msgid "krb5_validate (boolean)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+msgid ""
+"Verify with the help of krb5_keytab that the TGT obtained has not been "
+"spoofed."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:158
+msgid ""
+"Note that this default differs from the traditional Kerberos provider back "
+"end."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:175
+msgid ""
+"The following example assumes that SSSD is correctly configured and "
+"example.com is one of the domains in the <replaceable>[sssd]</replaceable> "
+"section. This examples shows only the ipa provider-specific options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ipa.5.xml:182
+#, no-wrap
+msgid ""
+" [domain/example.com]\n"
+" id_provider = ipa\n"
+" ipa_server = ipaserver.example.com\n"
+" ipa_hostname = myhost.example.com\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:193
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> <refentrytitle>sssd-"
+"ldap</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry>"
+" <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd.8.xml:10 sssd.8.xml:15
+msgid "sssd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd.8.xml:16
+msgid "System Security Services Daemon"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sssd.8.xml:21
+msgid ""
+"<command>sssd</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:31
+msgid ""
+"<command>SSSD</command> provides a set of daemons to manage access to remote"
+" directories and authentication mechanisms. It provides an NSS and PAM "
+"interface toward the system and a pluggable backend system to connect to "
+"multiple different account sources as well as D-Bus interface. It is also "
+"the basis to provide client auditing and policy services for projects like "
+"FreeIPA. It provides a more robust database to store local users as well as "
+"extended user data."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:46
+msgid ""
+"<option>-d</option>,<option>--debug-level</option> "
+"<replaceable>LEVEL</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:51
+msgid ""
+"Debug level to run the daemon with. 0 is the default as well as the lowest "
+"allowed value, 10 is the most verbose mode. This setting overrides the "
+"settings from config file. This parameter implies <option>-i</option>."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:70
+msgid "<option>-f</option>,<option>--debug-to-files</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:74
+msgid ""
+"Send the debug output to files instead of stderr. By default, the log files "
+"are stored in <filename>/var/log/sssd</filename> and there are separate log "
+"files for every SSSD service and domain."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:82
+msgid "<option>-D</option>,<option>--daemon</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:86
+msgid "Become a daemon after starting up."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:92
+msgid "<option>-i</option>,<option>--interactive</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:96
+msgid "Run in the foreground, don't become a daemon."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:102
+msgid "<option>-c</option>,<option>--config</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:106
+msgid ""
+"Specify a non-default config file. The default is "
+"<filename>/etc/sssd/sssd.conf</filename>. For reference on the config file "
+"syntax and options, consult the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.8.xml:122
+msgid "Signals"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:125
+msgid "SIGTERM/SIGINT"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:128
+msgid ""
+"Informs the SSSD to gracefully terminate all of its child processes and then"
+" shut down the monitor."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:134
+msgid "SIGHUP"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:137
+msgid ""
+"Tells the SSSD to stop writing to its current debug file descriptors and to "
+"close and reopen them. This is meant to facilitate log rolling with programs"
+" like logrotate."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:145
+msgid "SIGUSR1"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:148
+msgid ""
+"Tells the SSSD to simulate offline operation for one minute. This is mostly "
+"useful for testing purposes."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:154
+msgid "SIGUSR2"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:157
+msgid ""
+"Tells the SSSD to go online immediately. This is mostly useful for testing "
+"purposes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:168
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
+msgid "sss_obfuscate"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_obfuscate.8.xml:16
+msgid "obfuscate a clear text password"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_obfuscate.8.xml:21
+msgid ""
+"<command>sss_obfuscate</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>[PASSWORD]</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_obfuscate.8.xml:32
+msgid ""
+"<command>sss_obfuscate</command> converts a given password into human-"
+"unreadable format and places it into appropriate domain section of the SSSD "
+"config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_obfuscate.8.xml:37
+msgid ""
+"The cleartext password can be specified as an argument to the program, read "
+"from standard input or entered interactively. The obfuscated password is "
+"put into <quote>ldap_default_authtok</quote> parameter of a given SSSD "
+"domain and the <quote>ldap_default_authtok_type</quote> parameter is set to "
+"<quote>obfuscated_password</quote>. Refer to <citerefentry> <refentrytitle"
+">sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more"
+" details on these parameters."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_obfuscate.8.xml:50
+msgid ""
+"Please note that obfuscating the password provides <emphasis>no real "
+"security benefit</emphasis> as it is still possible for an attacker to "
+"reverse-engineer the password back. Using better authentication mechanisms "
+"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
+"advised."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_obfuscate.8.xml:64
+msgid "<option>-s</option>,<option>--stdin</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:68
+msgid "The password to obfuscate will be read from standard input."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_obfuscate.8.xml:75
+msgid ""
+"<option>-d</option>,<option>--domain</option> "
+"<replaceable>DOMAIN</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:80
+msgid ""
+"The SSSD domain to use the password in. The default name is "
+"<quote>default</quote>."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_obfuscate.8.xml:87
+msgid ""
+"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:92
+msgid "Read the config file specified by the positional parameter."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:96
+msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_obfuscate.8.xml:106
+msgid ""
+"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
+msgid "sss_useradd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_useradd.8.xml:16
+msgid "create a new user"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_useradd.8.xml:21
+msgid ""
+"<command>sss_useradd</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>LOGIN</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_useradd.8.xml:32
+msgid ""
+"<command>sss_useradd</command> creates a new user account using the values "
+"specified on the command line plus the default values from the system."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:43
+msgid ""
+"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:48
+msgid ""
+"Set the UID of the user to the value of <replaceable>UID</replaceable>. If "
+"not given, it is chosen automatically."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
+msgid ""
+"<option>-c</option>,<option>--gecos</option> "
+"<replaceable>COMMENT</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
+msgid ""
+"Any text string describing the user. Often used as the field for the user's "
+"full name."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
+msgid ""
+"<option>-h</option>,<option>--home</option> "
+"<replaceable>HOME_DIR</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:72
+msgid ""
+"The home directory of the user account. The default is to append the "
+"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
+"that as the home directory. The base that is prepended before "
+"<replaceable>LOGIN</replaceable> is tunable with "
+"<quote>user_defaults/baseDirectory</quote> setting in sssd.conf."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
+msgid ""
+"<option>-s</option>,<option>--shell</option> "
+"<replaceable>SHELL</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:87
+msgid ""
+"The user's login shell. The default is currently "
+"<filename>/bin/bash</filename>. The default can be changed with "
+"<quote>user_defaults/defaultShell</quote> setting in sssd.conf."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:96
+msgid ""
+"<option>-G</option>,<option>--groups</option> "
+"<replaceable>GROUPS</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:101
+msgid "A list of existing groups this user is also a member of."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:107
+msgid "<option>-m</option>,<option>--create-home</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:111
+msgid ""
+"Create the user's home directory if it does not exist. The files and "
+"directories contained in the skeleton directory (which can be defined with "
+"the -k option or in the config file) will be copied to the home directory."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:121
+msgid "<option>-M</option>,<option>--no-create-home</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:125
+msgid ""
+"Do not create the user's home directory. Overrides configuration settings."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:132
+msgid ""
+"<option>-k</option>,<option>--skel</option> "
+"<replaceable>SKELDIR</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:137
+msgid ""
+"The skeleton directory, which contains files and directories to be copied in"
+" the user's home directory, when the home directory is created by "
+"<command>sss_useradd</command>."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:143
+msgid ""
+"This option is only valid if the <option>-m</option> (or <option>--create-"
+"home</option>) option is specified, or creation of home directories is set "
+"to TRUE in the configuration."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
+msgid ""
+"<option>-Z</option>,<option>--selinux-user</option> "
+"<replaceable>SELINUX_USER</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:157
+msgid ""
+"The SELinux user for the user's login. If not specified, the system default "
+"will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_useradd.8.xml:169
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
+msgid "sssd-krb5"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:23
+msgid ""
+"This manual page describes the configuration of the Kerberos 5 "
+"authentication backend for <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, please refer to the "
+"<quote>FILE FORMAT</quote> section of the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> manual page"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:36
+msgid ""
+"The Kerberos 5 authentication backend contains auth and chpass providers. It"
+" must be paired with identity provider in order to function properly (for "
+"example, id_provider = ldap). Some information required by the Kerberos 5 "
+"authentication backend must be provided by the identity provider, such as "
+"the user's Kerberos Principal Name (UPN). The configuration of the identity "
+"provider should have an entry to specify the UPN. Please refer to the man "
+"page for the applicable identity provider for details on how to configure "
+"this."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:47
+msgid ""
+"This backend also provides access control based on the .k5login file in the "
+"home directory of the user. See <citerefentry> "
+"<refentrytitle>.k5login</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry> for more details. Please note that an empty .k5login file "
+"will deny all access to this user. To activate this feature use "
+"'access_provider = krb5' in your sssd configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:55
+msgid ""
+"In the case where the UPN is not available in the identity backend "
+"<command>sssd</command> will construct a UPN using the format "
+"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:106
+msgid ""
+"The name of the Kerberos realm. This option is required and must be "
+"specified."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:113
+msgid "krb5_kpasswd (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:116
+msgid ""
+"If the change password service is not running on the KDC alternative servers"
+" can be defined here. An optional port number (preceded by a colon) may be "
+"appended to the addresses or hostnames."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:122
+msgid ""
+"For more information on failover and server redundancy, see the "
+"<quote>FAILOVER</quote> section. Please note that even if there are no more"
+" kpasswd servers to try the back end is not switch to offline if "
+"authentication against the KDC is still possible."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:129
+msgid "Default: Use the KDC"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:135
+msgid "krb5_ccachedir (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:138
+msgid ""
+"Directory to store credential caches. All the substitution sequences of "
+"krb5_ccname_template can be used here, too, except %d and %P. If the "
+"directory does not exist it will be created. If %u, %U, %p or %h are used a "
+"private directory belonging to the user is created. Otherwise a public "
+"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
+"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> "
+"</citerefentry> for details) is created."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:151
+msgid "Default: /tmp"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:157
+msgid "krb5_ccname_template (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:171
+msgid "login UID"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:174
+msgid "%p"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:175
+msgid "principal name"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:179
+msgid "%r"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:180
+msgid "realm name"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:183
+msgid "%h"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:184
+msgid "home directory"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:189
+msgid "value of krb5ccache_dir"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:194
+msgid "%P"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:195
+msgid "the process ID of the sssd client"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:160
+msgid ""
+"Location of the user's credential cache. Currently only file based "
+"credential caches are supported. In the template the following sequences are"
+" substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
+"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
+"way."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:209
+msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:215
+msgid "krb5_auth_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:218
+msgid ""
+"Timeout in seconds after an online authentication or change password request"
+" is aborted. If possible the authentication request is continued offline."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:241
+msgid "krb5_keytab (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:244
+msgid ""
+"The location of the keytab to use when validating credentials obtained from "
+"KDCs."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:248
+msgid "Default: /etc/krb5.keytab"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:254
+msgid "krb5_store_password_if_offline (boolean)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:257
+msgid ""
+"Store the password of the user if the provider is offline and use it to "
+"request a TGT when the provider gets online again."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:262
+msgid ""
+"Please note that this feature currently only available on a Linux platform."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:272
+msgid "krb5_renewable_lifetime (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:275
+msgid ""
+"Request a renewable ticket with a total lifetime given by an integer "
+"immediately followed by one of the following delimiters:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:280 sssd-krb5.5.xml:316
+msgid "<emphasis>s</emphasis> seconds"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
+msgid "<emphasis>m</emphasis> minutes"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
+msgid "<emphasis>h</emphasis> hours"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
+msgid "<emphasis>d</emphasis> days."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
+msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:296
+msgid ""
+"Please note that it is not possible to mix units. If you want to set the "
+"renewable lifetime to one and a half hours please use '90m' instead of "
+"'1h30m'."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:302
+msgid "Default: not set, i.e. the TGT is not renewable"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:308
+msgid "krb5_lifetime (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:311
+msgid ""
+"Request ticket with a with a lifetime given by an integer immediately "
+"followed by one of the following delimiters:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:332
+msgid ""
+"Please note that it is not possible to mix units. If you want to set the "
+"lifetime to one and a half hours please use '90m' instead of '1h30m'."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:337
+msgid ""
+"Default: not set, i.e. the default ticket lifetime configured on the KDC."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:344
+msgid "krb5_renew_interval (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:347
+msgid ""
+"The time in seconds between two checks if the TGT should be renewed. TGTs "
+"are renewed if about half of their lifetime is exceeded."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:352
+msgid "If this option is not set or 0 the automatic renewal is disabled."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:362
+msgid "krb5_use_fast (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:365
+msgid ""
+"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
+"authentication. The following options are supported:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:370
+msgid ""
+"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
+"option at all."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:374
+msgid ""
+"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
+"continue without."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:378
+msgid ""
+"<emphasis>demand</emphasis> to use FAST, fail if the server does not require"
+" fast."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:382
+msgid "Default: not set, i.e. FAST is not used."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:385
+msgid "Please note that a keytab is required to use fast."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:388
+msgid ""
+"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
+"and above. If sssd used used with an older version using this option is a "
+"configuration error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:65
+msgid ""
+"If the auth-module krb5 is used in a SSSD domain, the following options must"
+" be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
+"SECTIONS</quote> for details on the configuration of a SSSD domain. "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:407
+msgid ""
+"The following example assumes that SSSD is correctly configured and FOO is "
+"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
+"example shows only configuration of Kerberos authentication, it does not "
+"include any identity provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-krb5.5.xml:415
+#, no-wrap
+msgid ""
+" [domain/FOO]\n"
+" auth_provider = krb5\n"
+" krb5_server = 192.168.1.1\n"
+" krb5_realm = EXAMPLE.COM\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:426
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> <refentrytitle>sssd-"
+"ldap</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry>"
+" <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
+msgid "sss_groupadd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_groupadd.8.xml:16
+msgid "create a new group"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_groupadd.8.xml:21
+msgid ""
+"<command>sss_groupadd</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>GROUP</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupadd.8.xml:32
+msgid ""
+"<command>sss_groupadd</command> creates a new group. These groups are "
+"compatible with POSIX groups, with the additional feature that they can "
+"contain other groups as members."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_groupadd.8.xml:43
+msgid ""
+"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_groupadd.8.xml:48
+msgid ""
+"Set the GID of the group to the value of <replaceable>GID</replaceable>. If"
+" not given, it is chosen automatically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupadd.8.xml:60
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
+msgid "sss_userdel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_userdel.8.xml:16
+msgid "delete a user account"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_userdel.8.xml:21
+msgid ""
+"<command>sss_userdel</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>LOGIN</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_userdel.8.xml:32
+msgid ""
+"<command>sss_userdel</command> deletes a user identified by login name "
+"<replaceable>LOGIN</replaceable> from the system."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_userdel.8.xml:44
+msgid "<option>-r</option>,<option>--remove</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_userdel.8.xml:48
+msgid ""
+"Files in the user's home directory will be removed along with the home "
+"directory itself and the user's mail spool. Overrides the configuration."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_userdel.8.xml:56
+msgid "<option>-R</option>,<option>--no-remove</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_userdel.8.xml:60
+msgid ""
+"Files in the user's home directory will NOT be removed along with the home "
+"directory itself and the user's mail spool. Overrides the configuration."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_userdel.8.xml:68
+msgid "<option>-f</option>,<option>--force</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_userdel.8.xml:72
+msgid ""
+"This option forces <command>sss_userdel</command> to remove the user's home "
+"directory and mail spool, even if they are not owned by the specified user."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_userdel.8.xml:80
+msgid "<option>-k</option>,<option>--kick</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_userdel.8.xml:84
+msgid "Before actually deleting the user, terminate all his processes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_userdel.8.xml:95
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
+msgid "sss_groupdel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_groupdel.8.xml:16
+msgid "delete a group"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_groupdel.8.xml:21
+msgid ""
+"<command>sss_groupdel</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>GROUP</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupdel.8.xml:32
+msgid ""
+"<command>sss_groupdel</command> deletes a group identified by its name "
+"<replaceable>GROUP</replaceable> from the system."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupdel.8.xml:48
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
+msgid "sss_groupshow"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_groupshow.8.xml:16
+msgid "print properties of a group"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_groupshow.8.xml:21
+msgid ""
+"<command>sss_groupshow</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>GROUP</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupshow.8.xml:32
+msgid ""
+"<command>sss_groupshow</command> displays information about a group "
+"identified by its name <replaceable>GROUP</replaceable>. The information "
+"includes the group ID number, members of the group and the parent group."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_groupshow.8.xml:43
+msgid "<option>-R</option>,<option>--recursive</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_groupshow.8.xml:47
+msgid ""
+"Also print indirect group members in a tree-like hierarchy. Note that this "
+"also affects printing parent groups - without <option>R</option>, only the "
+"direct parent will be printed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupshow.8.xml:60
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
+msgid "sss_usermod"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_usermod.8.xml:16
+msgid "modify a user account"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_usermod.8.xml:21
+msgid ""
+"<command>sss_usermod</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>LOGIN</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_usermod.8.xml:32
+msgid ""
+"<command>sss_usermod</command> modifies the account specified by "
+"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
+"on the command line."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:60
+msgid "The home directory of the user account."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:71
+msgid "The user's login shell."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:82
+msgid ""
+"Append this user to groups specified by the "
+"<replaceable>GROUPS</replaceable> parameter. The "
+"<replaceable>GROUPS</replaceable> parameter is a comma separated list of "
+"group names."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:96
+msgid ""
+"Remove this user from groups specified by the "
+"<replaceable>GROUPS</replaceable> parameter."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_usermod.8.xml:103
+msgid "<option>-l</option>,<option>--lock</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:107
+msgid "Lock the user account. The user won't be able to log in."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_usermod.8.xml:114
+msgid "<option>-u</option>,<option>--unlock</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:118
+msgid "Unlock the user account."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:129
+msgid "The SELinux user for the user's login."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_usermod.8.xml:140
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/service_discovery.xml:2
+msgid "SERVICE DISCOVERY"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/service_discovery.xml:4
+msgid ""
+"The service discovery feature allows back ends to automatically find the "
+"appropriate servers to connect to using a special DNS query."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:9
+msgid "Configuration"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:11
+msgid ""
+"If no servers are specified, the back end automatically uses service "
+"discovery to try to find a server. Optionally, the user may choose to use "
+"both fixed server addresses and service discovery by inserting a special "
+"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
+"preference is maintained. This feature is useful if, for example, the user "
+"prefers to use service discovery whenever possible, and fall back to a "
+"specific server when no servers can be discovered using DNS."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:23
+msgid "The domain name"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:25
+msgid ""
+"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page for more details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:35
+msgid "The protocol"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:37
+msgid ""
+"The queries usually specify _tcp as the protocol. Exceptions are documented "
+"in respective option description."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:42
+msgid "See Also"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:44
+msgid ""
+"For more information on the service discovery mechanism, refer to RFC 2782."
+msgstr ""
+
+#. type: Content of: outside any tag (error?)
+#: include/upstream.xml:1
+msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/failover.xml:2
+msgid "FAILOVER"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/failover.xml:4
+msgid ""
+"The failover feature allows back ends to automatically switch to a different"
+" server if the primary server fails."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:8
+msgid "Failover Syntax"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:10
+msgid ""
+"The list of servers is given as a comma-separated list; any number of spaces"
+" is allowed around the comma. The servers are listed in order of preference."
+" The list can contain any number of servers."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:17
+msgid "The Failover Mechanism"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:19
+msgid ""
+"The failover mechanism distinguishes between a machine and a service. The "
+"back end first tries to resolve the hostname of a given machine; if this "
+"resolution attempt fails, the machine is considered offline. No further "
+"attempts are made to connect to this machine for any other service. If the "
+"resolution attempt succeeds, the back end tries to connect to a service on "
+"this machine. If the service connection attempt fails, then only this "
+"particular service is considered offline and the back end automatically "
+"switches over to the next service. The machine is still considered online "
+"and might still be tried for another service."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:32
+msgid ""
+"Further connection attempts are made to machines or services marked as "
+"offline after a specified period of time; this is currently hard coded to 30"
+" seconds."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:37
+msgid ""
+"If there are no more machines to try, the back end as a whole switches to "
+"offline mode, and then attempts to reconnect every 30 seconds."
+msgstr ""
+
+#. type: Content of: <varlistentry><term>
+#: include/param_help.xml:3
+msgid "<option>-h</option>,<option>--help</option>"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/param_help.xml:7
+msgid "Display help message and exit."
+msgstr ""
diff --git a/src/man/po/nl.po b/src/man/po/nl.po
new file mode 100644
index 00000000..7cb821d7
--- /dev/null
+++ b/src/man/po/nl.po
@@ -0,0 +1,5408 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Red Hat
+# This file is distributed under the same license as the sssd-docs package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: SSSD\n"
+"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
+"POT-Creation-Date: 2011-01-24 13:36-0500\n"
+"PO-Revision-Date: 2011-03-08 15:06+0000\n"
+"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: nl\n"
+"Plural-Forms: nplurals=2; plural=(n != 1)\n"
+
+#. type: Content of: <reference><title>
+#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
+#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
+#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
+#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
+#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
+msgid "SSSD Manual pages"
+msgstr "SSSD handleiding"
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
+msgid "sss_groupmod"
+msgstr "sss_groupmod"
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
+#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
+#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
+#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
+msgid "8"
+msgstr "8"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_groupmod.8.xml:16
+msgid "modify a group"
+msgstr "muteer een groep"
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_groupmod.8.xml:21
+msgid ""
+"<command>sss_groupmod</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>GROUP</replaceable></arg>"
+msgstr ""
+"<command>sss_groupmod</command> <arg choice='opt'> "
+"<replaceable>opties</replaceable> </arg> <arg "
+"choice='plain'><replaceable>GROEP</replaceable></arg>"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:41
+#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
+#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
+#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
+#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
+msgid "DESCRIPTION"
+msgstr "OMSCHRIJVING"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupmod.8.xml:32
+msgid ""
+"<command>sss_groupmod</command> modifies the group to reflect the changes "
+"that are specified on the command line."
+msgstr ""
+"<command>sss_groupmod</command> muteert de groep en maakt de aanpassingen "
+"die via de opdrachtregel ingegeven zijn."
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:48 sssd.8.xml:42 sss_obfuscate.8.xml:59
+#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
+#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
+msgid "OPTIONS"
+msgstr "OPTIES"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
+msgid ""
+"<option>-a</option>,<option>--append-group</option> "
+"<replaceable>GROUPS</replaceable>"
+msgstr ""
+"<option>-a</option>,<option>--append-group</option> "
+"<replaceable>GROEPEN</replaceable>"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_groupmod.8.xml:48
+msgid ""
+"Append this group to groups specified by the "
+"<replaceable>GROUPS</replaceable> parameter. The "
+"<replaceable>GROUPS</replaceable> parameter is a comma separated list of "
+"group names."
+msgstr ""
+"Voeg deze groep toe aan de groepen opgegeven met de "
+"<replaceable>GROEPEN</replaceable> parameter. De "
+"<replaceable>GROEPEN</replaceable> parameter is een kommagescheiden lijst "
+"van groepnamen."
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
+msgid ""
+"<option>-r</option>,<option>--remove-group</option> "
+"<replaceable>GROUPS</replaceable>"
+msgstr ""
+"<option>-r</option>,<option>--remove-group</option> "
+"<replaceable>GROEPEN</replaceable>"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_groupmod.8.xml:62
+msgid ""
+"Remove this group from groups specified by the "
+"<replaceable>GROUPS</replaceable> parameter."
+msgstr ""
+"Verwijder deze groep uit de groepen opgegeven in de "
+"<replaceable>GROEPEN</replaceable> parameter."
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1389
+#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
+#: sssd-ipa.5.xml:191 sssd.8.xml:166 sss_obfuscate.8.xml:104
+#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
+#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
+#: sss_usermod.8.xml:138
+msgid "SEE ALSO"
+msgstr "ZIE OOK"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupmod.8.xml:74
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+"<citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
+msgid "sssd.conf"
+msgstr "sssd.conf"
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
+#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
+msgid "5"
+msgstr "5"
+
+#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
+#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
+#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
+msgid "File Formats and Conventions"
+msgstr "Bestandsformaten en conventies"
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
+#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
+msgid "the configuration file for SSSD"
+msgstr "het configuratiebestand voor SSSD"
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:21
+msgid "FILE FORMAT"
+msgstr "BESTANDSFORMAAT"
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:29
+#, no-wrap
+msgid ""
+" <replaceable>[section]</replaceable>\n"
+" <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
+" <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
+" "
+msgstr ""
+" <replaceable>[sectie]</replaceable>\n"
+" <replaceable>sleutel</replaceable> = <replaceable>waarde</replaceable>\n"
+" <replaceable>sleutel2</replaceable> = <replaceable>waarde2,waarde3</replaceable>\n"
+" "
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:24
+msgid ""
+"The file has an ini-style syntax and consists of sections and parameters. A "
+"section begins with the name of the section in square brackets and continues"
+" until the next section begins. An example of section with single and multi-"
+"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+"Het bestand heeft een ini-stijl syntaxis en bestaat uit secties en "
+"parameters. Een sectie begint met de naam van de sectie in rechte haken en "
+"gaat verder totdat de volgende sectie begint. Een voorbeeld van een sectie "
+"met een enkele en een meervoudige parameter: <placeholder "
+"type=\"programlisting\" id=\"0\"/>"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:36
+msgid ""
+"The data types used are string (no quotes needed), integer and bool (with "
+"values of <quote>TRUE/FALSE</quote>)."
+msgstr ""
+"De datatypes gebruikt zijn tekst (geen quotes vereisd), numeriek en "
+"booleaans (met de waardes <quote>TRUE/FALSE</quote>)."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:41
+msgid ""
+"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+"(<quote>;</quote>)"
+msgstr ""
+"Een regel met kommentaar begint met een hekje (<quote>#</quote>) of een "
+"puntkomma (<quote>;</quote>)"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:46
+msgid ""
+"All sections can have an optional <replaceable>description</replaceable> "
+"parameter. Its function is only as a label for the section."
+msgstr ""
+"Alle secties kunnen een optionele <replaceable>description</replaceable> "
+"parameter bevatten. Dit fungeert slechts als label voor de sectie."
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:52
+msgid ""
+"<filename>sssd.conf</filename> must be a regular file, owned by root and "
+"only root may read from or write to the file."
+msgstr ""
+"<filename>sssd.conf</filename> moet een standaardbestand zijn, de eigenaar "
+"moet root zijn en alleen root mag hem lezen en schrijven."
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:58
+msgid "SPECIAL SECTIONS"
+msgstr "SPECIALE SECTIES"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:61
+msgid "The [sssd] section"
+msgstr "De [sssd] sectie"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><title>
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+msgid "Section parameters"
+msgstr "Sectie parameters"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:72
+msgid "config_file_version (integer)"
+msgstr "config_file_version (numeriek)"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:75
+msgid ""
+"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
+"version 2."
+msgstr ""
+"Geeft aan welke syntaxis de configuratie gebruikt. SSSD 0.6.0 en hoger "
+"gebruiken versie 2."
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:81
+msgid "services"
+msgstr "diensten"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:84
+msgid ""
+"Comma separated list of services that are started when sssd itself starts."
+msgstr ""
+"Kommagescheiden lijst van diensten die gestart worden als sssd zelf start."
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:88
+msgid "Supported services: nss, pam"
+msgstr "Ondersteunde diensten: nss, pam"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:93 sssd.conf.5.xml:234
+msgid "reconnection_retries (integer)"
+msgstr "reconnection_retries (numeriek)"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:96 sssd.conf.5.xml:237
+msgid ""
+"Number of times services should attempt to reconnect in the event of a Data "
+"Provider crash or restart before they give up"
+msgstr ""
+"Aantal keer dat de service moet proberen om opnieuw te verbinden indien een "
+"Data Aanbieder crashed of opnieuw start voordat dit opgegeven wordt"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:101 sssd.conf.5.xml:242
+msgid "Default: 3"
+msgstr "Standaard: 3"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:106
+msgid "domains"
+msgstr "domeinen"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:109
+msgid ""
+"A domain is a database containing user information. SSSD can use more "
+"domains at the same time, but at least one must be configured or SSSD won't "
+"start. This parameter described the list of domains in the order you want "
+"them to be queried."
+msgstr ""
+"Een domein is een databank met gebruikersinformatie. SSSD kan meerdere "
+"domeinen tegelijkertijd gebruiken, maar er moet op zijn minst één domein "
+"geconfigureerd zijn, anders start SSSD niet. Deze parameter omschrijft de "
+"lijst van domeinen in de volgorde die SSSD ze moet aflopen."
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:119
+msgid "re_expression (string)"
+msgstr "re_expression (tekst)"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:122
+msgid ""
+"Regular expression that describes how to parse the string containing user "
+"name and domain into these components."
+msgstr ""
+"Reguliere expressie die omschrijft hoe de tekst die de gebruikers- en "
+"domeinnaam verwerkt moeten worden."
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:126
+msgid ""
+"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
+"which translates to \"the name is everything up to the <quote>@</quote> "
+"sign, the domain everything after that\""
+msgstr ""
+"Standaard: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
+"wat zich vertaalt tot \"de gebruikersnaam is alles tot <quote>@</quote> , "
+"het domein alles daarna\""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:131
+msgid ""
+"PLEASE NOTE: the support for non-unique named subpatterns is not available "
+"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
+"version 7 or higher can support non-unique named subpatterns."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:138
+msgid ""
+"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax "
+"(?P&lt;name&gt;) to label subpatterns."
+msgstr ""
+"MER OOK OP: oudere versies van libpcre ondersteunen alleen de Pyton syntaxis"
+" (?P&lt;name&gt;) om subpatronen aan te geven."
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:145
+msgid "full_name_format (string)"
+msgstr "full_name_format (tekst)"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:148
+msgid ""
+"A <citerefentry> <refentrytitle>printf</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry>-compatible format that describes "
+"how to translate a (name, domain) tuple into a fully qualified name."
+msgstr ""
+"Een <citerefentry> <refentrytitle>printf</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry>-compatibel formaat wat omschrijft "
+"hoe een tuple (met name, domain) vertaald wordt in een full qualified name."
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:156
+msgid "Default: <quote>%1$s@%2$s</quote>."
+msgstr "Standaard: <quote>%1$s@%2$s</quote>."
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:161
+msgid "try_inotify (boolean)"
+msgstr "try_inotify (bool)"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:164
+msgid ""
+"SSSD monitors the state of resolv.conf to identify when it needs to update "
+"its internal DNS resolver. By default, we will attempt to use inotify for "
+"this, and will fall back to polling resolv.conf every five seconds if "
+"inotify cannot be used."
+msgstr ""
+"SSSD houdt de stat van resolv.conf in de gaten om te zien wanneer de interne"
+" DNS-resolver bijgewerkt moet worden. Standaard wordt er geprobeerd om "
+"inotify te gebruiken en er wordt teruggevallen op iedere vijf seconden "
+"kijken of resolv.conf gewijzigd is als er geen inotify beschikbaar is."
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:172
+msgid ""
+"There are some limited situations where it is preferred that we should skip "
+"even trying to use inotify. In these rare cases, this option should be set "
+"to 'false'"
+msgstr ""
+"Er zijn een aantal situaties waarin het de voorkeur heeft dat we het gebruik"
+" van inotify uitschakelen. In deze zeldzame gevallen kan de optie op 'false'"
+" gezet worden"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:178
+msgid ""
+"Default: true on platforms where inotify is supported. False on other "
+"platforms."
+msgstr ""
+"Standaard: true op systemen waar inotify is ondersteund. False op andere "
+"systemen."
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:182
+msgid ""
+"Note: this option will have no effect on platforms where inotify is "
+"unavailable. On these platforms, polling will always be used."
+msgstr ""
+"Merk op: deze optie heeft geen effect op systemen waar inotify niet "
+"beschikbaar is. Op deze systemen wordt altijd periodiek gekeken naar "
+"resolv.conf."
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:63
+msgid ""
+"Individual pieces of SSSD functionality are provided by special SSSD "
+"services that are started and stopped together with SSSD. The services are "
+"managed by a special service frequently called <quote>monitor</quote>. The "
+"<quote>[sssd]</quote> section is used to configure the monitor as well as "
+"some other important options like the identity domains. <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:195
+msgid "SERVICES SECTIONS"
+msgstr "SERVICES SECTIE"
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:197
+msgid ""
+"Settings that can be used to configure different services are described in "
+"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
+"section, for example, for NSS service, the section would be "
+"<quote>[nss]</quote>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:204
+msgid "General service configuration options"
+msgstr "Algemene service configuratie-opties"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:206
+msgid "These options can be used to configure any service."
+msgstr "Deze opties kunnen gebruikt worden om services te configureren."
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:210
+msgid "debug_level (integer)"
+msgstr "debug_level (numeriek)"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:213
+msgid ""
+"Sets the debug level for the service. The value can be in range from 0 (only"
+" critical messages) to 10 (very verbose)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:218 sssd.conf.5.xml:312
+msgid "Default: 0"
+msgstr "Standaard: 0"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:223 sssd.8.xml:58
+msgid "debug_timestamps (bool)"
+msgstr "debug_timestamps (bool)"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:226 sssd.8.xml:61
+msgid "Add a timestamp to the debug messages"
+msgstr "Voeg een tijdstempel toe aan de debugberichten"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:229 sssd.conf.5.xml:353 sssd-ldap.5.xml:1015
+#: sssd-ldap.5.xml:1120 sssd-ipa.5.xml:155
+msgid "Default: true"
+msgstr "Standaard: true"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:247
+msgid "command (string)"
+msgstr "command (tekst)"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:250
+msgid ""
+"By default, the executable representing this service is called "
+"<command>sssd_${service_name}</command>. This directive allows to change "
+"the executable name for the service. In the vast majority of configurations,"
+" the default values should suffice."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:258
+msgid "Default: <command>sssd_${service_name}</command>"
+msgstr "Standaard: <command>sssd_${service_name}</command>"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:266
+msgid "NSS configuration options"
+msgstr "NSS configuratie-opties"
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:268
+msgid ""
+"These options can be used to configure the Name Service Switch (NSS) "
+"service."
+msgstr ""
+"Deze opties kunnen worden gebruikt om de Name Serice Switch (NSS) service te"
+" configurere."
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:273
+msgid "enum_cache_timeout (integer)"
+msgstr "enum_cache_timeout (numeriek)"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:276
+msgid ""
+"How many seconds should nss_sss cache enumerations (requests for info about "
+"all users)"
+msgstr ""
+"Hoeveel seconden zouden nss_sss cache enumeraties (verzoeken om informatie "
+"over alle gebruikers)"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:280
+msgid "Default: 120"
+msgstr "Standaard: 120"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:285
+msgid "entry_cache_nowait_percentage (integer)"
+msgstr "entry_cache_nowait_percentage (numeriek)"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:288
+msgid ""
+"The entry cache can be set to automatically update entries in the background"
+" if they are requested beyond a percentage of the entry_cache_timeout value "
+"for the domain."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:294
+msgid ""
+"For example, if the domain's entry_cache_timeout is set to 30s and "
+"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
+"after 15 seconds past the last cache update will be returned immediately, "
+"but the SSSD will go and update the cache on its own, so that future "
+"requests will not need to block waiting for a cache update."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:304
+msgid ""
+"Valid values for this option are 0-99 and represent a percentage of the "
+"entry_cache_timeout for each domain. For performance reasons, this "
+"percentage will never reduce the nowait timeout to less than 10 seconds. (0"
+" disables this feature)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:317
+msgid "entry_negative_timeout (integer)"
+msgstr "entry_negative_timeout (numeriek)"
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:320
+msgid ""
+"Specifies for how many seconds nss_sss should cache negative cache hits "
+"(that is, queries for invalid database entries, like nonexistent ones) "
+"before asking the back end again."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:326 sssd-krb5.5.xml:223
+msgid "Default: 15"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:331
+msgid "filter_users, filter_groups (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:334
+msgid ""
+"Exclude certain users from being fetched from the sss NSS database. This is "
+"particularly useful for system accounts. This option can also be set per-"
+"domain or include fully-qualified names to filter only users from the "
+"particular domain."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:341
+msgid "Default: root"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:346
+msgid "filter_users_in_groups (bool)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:349
+msgid ""
+"If you want filtered user still be group members set this option to false."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:360
+msgid "PAM configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:362
+msgid ""
+"These options can be used to configure the Pluggable Authentication Module "
+"(PAM) service."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367
+msgid "offline_credentials_expiration (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:370
+msgid ""
+"If the authentication provider is offline, how long should we allow cached "
+"logins (in days since the last successful online login)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+msgid "Default: 0 (No limit)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:381
+msgid "offline_failed_login_attempts (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384
+msgid ""
+"If the authentication provider is offline, how many failed login attempts "
+"are allowed."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:394
+msgid "offline_failed_login_delay (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:397
+msgid ""
+"The time in minutes which has to pass after offline_failed_login_attempts "
+"has been reached before a new login attempt is possible."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"If set to 0 the user cannot authenticate offline if "
+"offline_failed_login_attempts has been reached. Only a successful online "
+"authentication can enable enable offline authentication again."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+msgid "Default: 5"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:414
+msgid "pam_verbosity (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:417
+msgid ""
+"Controls what kind of messages are shown to the user during authentication. "
+"The higher the number to more messages are displayed."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Currently sssd supports the following values:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:425
+msgid "<emphasis>0</emphasis>: do not show any message"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:428
+msgid "<emphasis>1</emphasis>: show only important messages"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:432
+msgid "<emphasis>2</emphasis>: show informational messages"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:435
+msgid "<emphasis>3</emphasis>: show all messages and debug information"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:439
+msgid "Default: 1"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:444
+msgid "pam_id_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:447
+msgid ""
+"For any PAM request while SSSD is online, the SSSD will attempt to "
+"immediately update the cached identity information for the user in order to "
+"ensure that authentication takes place with the latest information."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:453
+msgid ""
+"A complete PAM conversation may perform multiple PAM requests, such as "
+"account management and session opening. This option controls (on a per-"
+"client-application basis) how long (in seconds) we can cache the identity "
+"information to avoid excessive round-trips to the identity provider."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:467
+msgid "pam_pwd_expiration_warning (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:470
+msgid "Display a warning N days before the password expires."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:473
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:479
+msgid "Default: 7"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:488
+msgid "DOMAIN SECTIONS"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:495
+msgid "min_id,max_id (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:498
+msgid ""
+"UID and GID limits for the domain. If a domain contains an entry that is "
+"outside these limits, it is ignored."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:503
+msgid ""
+"For users, this affects the primary GID limit. The user will not be returned"
+" to NSS if either the UID or the primary GID is outside the range. For non-"
+"primary group memberships, those that are in range will be reported as "
+"expected."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:510
+msgid "Default: 1 for min_id, 0 (no limit) for max_id"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:516
+msgid "timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:519
+msgid ""
+"Timeout in seconds between heartbeats for this domain. This is used to "
+"ensure that the backend process is alive and capable of answering requests."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:524
+msgid "Default: 10"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:530
+msgid "enumerate (bool)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:533
+msgid ""
+"Determines if a domain can be enumerated. This parameter can have one of the"
+" following values:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:537
+msgid "TRUE = Users and groups are enumerated"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:540
+msgid "FALSE = No enumerations for this domain"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+msgid "Default: FALSE"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:546
+msgid ""
+"Note: Enabling enumeration has a moderate performance impact on SSSD while "
+"enumeration is running. It may take up to several minutes after SSSD startup"
+" to fully complete enumerations. During this time, individual requests for "
+"information will go directly to LDAP, though it may be slow, due to the "
+"heavy enumeration processing."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:556
+msgid ""
+"While the first enumeration is running, requests for the complete user or "
+"group lists may return no results until it completes."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:561
+msgid ""
+"Further, enabling enumeration may increase the time necessary to detect "
+"network disconnection, as longer timeouts are required to ensure that "
+"enumeration lookups are completed successfully. For more information, refer"
+" to the man pages for the specific id_provider in use."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:572
+msgid "entry_cache_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:575
+msgid ""
+"How many seconds should nss_sss consider entries valid before asking the "
+"backend again"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:579
+msgid "Default: 5400"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:584
+msgid "cache_credentials (bool)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:587
+msgid "Determines if user credentials are also cached in the local LDB cache"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:596
+msgid "account_cache_expiration (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:599
+msgid ""
+"Number of days entries are left in cache after last successful login before "
+"being removed during a cleanup of the cache. 0 means keep forever. The "
+"value of this parameter must be greater than or equal to "
+"offline_credentials_expiration."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:606
+msgid "Default: 0 (unlimited)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:612
+msgid "id_provider (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:615
+msgid "The Data Provider identity backend to use for this domain."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:619
+msgid "Supported backends:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:622
+msgid "proxy: Support a legacy NSS provider"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:625
+msgid "local: SSSD internal local provider"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:628
+msgid "ldap: LDAP provider"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:634
+msgid "use_fully_qualified_names (bool)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637
+msgid ""
+"If set to TRUE, all requests to this domain must use fully qualified names. "
+"For example, if used in LOCAL domain that contains a \"test\" user, "
+"<command>getent passwd test</command> wouldn't find the user while "
+"<command>getent passwd test@LOCAL</command> would."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:650
+msgid "auth_provider (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:653
+msgid ""
+"The authentication provider used for the domain. Supported auth providers "
+"are:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:657
+msgid ""
+"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:664
+msgid ""
+"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:671
+msgid ""
+"<quote>proxy</quote> for relaying authentication to some other PAM target."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:674
+msgid "<quote>none</quote> disables authentication explicitly."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:677
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can handle "
+"authentication requests."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:683
+msgid "access_provider (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:686
+msgid ""
+"The access control provider used for the domain. There are two built-in "
+"access providers (in addition to any included in installed backends) "
+"Internal special providers are:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:692
+msgid "<quote>permit</quote> always allow access."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:695
+msgid "<quote>deny</quote> always deny access."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:698
+msgid ""
+"<quote>simple</quote> access control based on access or deny lists. See "
+"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> for more information on configuring "
+"the simple access module."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:705
+msgid "Default: <quote>permit</quote>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:710
+msgid "chpass_provider (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:713
+msgid ""
+"The provider which should handle change password operations for the domain."
+" Supported change password providers are:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:718
+msgid ""
+"<quote>ipa</quote> to change a password stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring"
+" IPA."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:726
+msgid ""
+"<quote>ldap</quote> to change a password stored in a LDAP server. See "
+"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring"
+" LDAP."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:734
+msgid ""
+"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:742
+msgid ""
+"<quote>proxy</quote> for relaying password changes to some other PAM target."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:746
+msgid "<quote>none</quote> disallows password changes explicitly."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:749
+msgid ""
+"Default: <quote>auth_provider</quote> is used if it is set and can handle "
+"change password requests."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:756
+msgid "lookup_family_order (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:759
+msgid ""
+"Provides the ability to select preferred address family to use when "
+"performing DNS lookups."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:763
+msgid "Supported values:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:766
+msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:769
+msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:772
+msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:775
+msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:778
+msgid "Default: ipv4_first"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:784
+msgid "dns_resolver_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:787
+msgid ""
+"Defines the amount of time (in seconds) to wait for a reply from the DNS "
+"resolver before assuming that it is unreachable. If this timeout is reached,"
+" the domain will continue to operate in offline mode."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:799
+msgid "dns_discovery_domain (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:802
+msgid ""
+"If service discovery is used in the back end, specifies the domain part of "
+"the service discovery DNS query."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:806
+msgid "Default: Use the domain part of machine's hostname"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:490
+msgid ""
+"These configuration options can be present in a domain configuration "
+"section, that is, in a section called "
+"<quote>[domain/<replaceable>NAME</replaceable>]</quote> <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:818
+msgid "proxy_pam_target (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:821
+msgid "The proxy target PAM proxies to."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:824
+msgid ""
+"Default: not set by default, you have to take an existing pam configuration "
+"or create a new one and add the service name here."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:832
+msgid "proxy_lib_name (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:835
+msgid ""
+"The name of the NSS library to use in proxy domains. The NSS functions "
+"searched for in the library are in the form of _nss_$(libName)_$(function), "
+"for example _nss_files_getpwent."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:814
+msgid ""
+"Options valid for proxy domains. <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:847
+msgid "The local domain section"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:849
+msgid ""
+"This section contains settings for domain that stores users and groups in "
+"SSSD native database, that is, a domain that uses "
+"<replaceable>id_provider=local</replaceable>."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:856
+msgid "default_shell (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:859
+msgid "The default shell for users created with SSSD userspace tools."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:863
+msgid "Default: <filename>/bin/bash</filename>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:868
+msgid "base_directory (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:871
+msgid ""
+"The tools append the login name to <replaceable>base_directory</replaceable>"
+" and use that as the home directory."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:876
+msgid "Default: <filename>/home</filename>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:881
+msgid "create_homedir (bool)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:884
+msgid ""
+"Indicate if a home directory should be created by default for new users. "
+"Can be overridden on command line."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+msgid "Default: TRUE"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "remove_homedir (bool)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid ""
+"Indicate if a home directory should be removed by default for deleted users."
+" Can be overridden on command line."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:905
+msgid "homedir_umask (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:908
+msgid ""
+"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
+"on a newly created home directory."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:916
+msgid "Default: 077"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:921
+msgid "skel_dir (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:924
+msgid ""
+"The skeleton directory, which contains files and directories to be copied in"
+" the user's home directory, when the home directory is created by "
+"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:934
+msgid "Default: <filename>/etc/skel</filename>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:939
+msgid "mail_dir (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:942
+msgid ""
+"The mail spool directory. This is needed to manipulate the mailbox when its "
+"corresponding user account is modified or deleted. If not specified, a "
+"default value is used."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:949
+msgid "Default: <filename>/var/mail</filename>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:954
+msgid "userdel_cmd (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:957
+msgid ""
+"The command that is run after a user is removed. The command us passed the "
+"username of the user being removed as the first and only parameter. The "
+"return code of the command is not taken into account."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:963
+msgid "Default: None, no command is run"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1357 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:173 sssd-krb5.5.xml:405
+msgid "EXAMPLE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:979
+#, no-wrap
+msgid ""
+"[sssd]\n"
+"domains = LDAP\n"
+"services = nss, pam\n"
+"config_file_version = 2\n"
+"\n"
+"[nss]\n"
+"filter_groups = root\n"
+"filter_users = root\n"
+"\n"
+"[pam]\n"
+"\n"
+"[domain/LDAP]\n"
+"id_provider = ldap\n"
+"ldap_uri = ldap://ldap.example.com\n"
+"ldap_search_base = dc=example,dc=com\n"
+"\n"
+"auth_provider = krb5\n"
+"krb5_server = kerberos.example.com\n"
+"krb5_realm = EXAMPLE.COM\n"
+"cache_credentials = true\n"
+"\n"
+"min_id = 10000\n"
+"max_id = 20000\n"
+"enumerate = False\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:975
+msgid ""
+"The following example shows a typical SSSD config. It does not describe "
+"configuration of the domains themselves - refer to documentation on "
+"configuring domains for more details. <placeholder type=\"programlisting\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:1010
+msgid ""
+"<citerefentry> <refentrytitle>sssd-"
+"ldap</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry>"
+" <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
+msgid "sssd-ldap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:23
+msgid ""
+"This manual page describes the configuration of LDAP domains for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax "
+"information."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:35
+msgid "You can configure SSSD to use more than one LDAP domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:38
+msgid ""
+"LDAP back end supports id, auth, access and chpass providers. If you want to"
+" authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
+"<command>sssd</command> <emphasis>does not</emphasis> support authentication"
+" over an unencrypted channel. If the LDAP server is used only as an "
+"identity provider, an encrypted channel is not needed. Please refer to "
+"<quote>ldap_access_filter</quote> config option for more information about "
+"using LDAP as an access provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-krb5.5.xml:63
+msgid "CONFIGURATION OPTIONS"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:60
+msgid "ldap_uri (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:63
+msgid ""
+"Specifies the list of URIs of the LDAP servers to which SSSD should connect "
+"in the order of preference. Refer to the <quote>FAILOVER</quote> section for"
+" more information on failover and server redundancy. If not specified, "
+"service discovery is enabled. For more information, refer to the "
+"<quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:73
+msgid "ldap_chpass_uri (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:76
+msgid ""
+"Specifies the list of URIs of the LDAP servers to which SSSD should connect "
+"in the order of preference to change the password of a user. Refer to the "
+"<quote>FAILOVER</quote> section for more information on failover and server "
+"redundancy."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:83
+msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:87
+msgid "Default: empty, i.e. ldap_uri is used."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:93
+msgid "ldap_search_base (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:96
+msgid "The default base DN to use for performing LDAP user operations."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:100
+msgid ""
+"Default: If not set the value of the defaultNamingContext or namingContexts "
+"attribute from the RootDSE of the LDAP server is used. If "
+"defaultNamingContext does not exists or has an empty value namingContexts is"
+" used. The namingContexts attribute must have a single value with the DN of"
+" the search base of the LDAP server to make this work. Multiple values are "
+"are not supported."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:114
+msgid "ldap_schema (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:117
+msgid ""
+"Specifies the Schema Type in use on the target LDAP server. Depending on "
+"the selected schema, the default attribute names retrieved from the servers "
+"may vary. The way that some attributes are handled may also differ. Three "
+"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
+"difference between these schema types is how group memberships are recorded "
+"in the server. With rfc2307, group members are listed by name in the "
+"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
+"members are listed by DN and stored in the <emphasis>member</emphasis> "
+"attribute."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:136
+msgid "Default: rfc2307"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:142
+msgid "ldap_default_bind_dn (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:145
+msgid "The default bind DN to use for performing LDAP operations."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:152
+msgid "ldap_default_authtok_type (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:155
+msgid "The type of the authentication token of the default bind DN."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:159
+msgid "The two mechanisms currently supported are:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:162
+msgid "password"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:165
+msgid "obfuscated_password"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:171
+msgid "ldap_default_authtok (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:174
+msgid ""
+"The authentication token of the default bind DN. Only clear text passwords "
+"are currently supported."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:181
+msgid "ldap_user_object_class (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:184
+msgid "The object class of a user entry in LDAP."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:187
+msgid "Default: posixAccount"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:193
+msgid "ldap_user_name (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:196
+msgid "The LDAP attribute that corresponds to the user's login name."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:200
+msgid "Default: uid"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:206
+msgid "ldap_user_uid_number (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:209
+msgid "The LDAP attribute that corresponds to the user's id."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:213
+msgid "Default: uidNumber"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:219
+msgid "ldap_user_gid_number (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:222
+msgid "The LDAP attribute that corresponds to the user's primary group id."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:226 sssd-ldap.5.xml:622
+msgid "Default: gidNumber"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:232
+msgid "ldap_user_gecos (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:235
+msgid "The LDAP attribute that corresponds to the user's gecos field."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:239
+msgid "Default: gecos"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:245
+msgid "ldap_user_home_directory (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:248
+msgid ""
+"The LDAP attribute that contains the name of the user's home directory."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:252
+msgid "Default: homeDirectory"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:258
+msgid "ldap_user_shell (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:261
+msgid "The LDAP attribute that contains the path to the user's default shell."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:265
+msgid "Default: loginShell"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:271
+msgid "ldap_user_uuid (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:274
+msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:278 sssd-ldap.5.xml:648 sssd-ldap.5.xml:741
+msgid "Default: nsUniqueId"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:284
+msgid "ldap_user_modify_timestamp (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:287 sssd-ldap.5.xml:657 sssd-ldap.5.xml:750
+msgid ""
+"The LDAP attribute that contains timestamp of the last modification of the "
+"parent object."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:291 sssd-ldap.5.xml:661 sssd-ldap.5.xml:754
+msgid "Default: modifyTimestamp"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:297
+msgid "ldap_user_shadow_last_change (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:300
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> counterpart (date of the last password change)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:310
+msgid "Default: shadowLastChange"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:316
+msgid "ldap_user_shadow_min (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:319
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> counterpart (minimum password age)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:328
+msgid "Default: shadowMin"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:334
+msgid "ldap_user_shadow_max (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:337
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> counterpart (maximum password age)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:346
+msgid "Default: shadowMax"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:352
+msgid "ldap_user_shadow_warning (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:355
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> counterpart (password warning period)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:365
+msgid "Default: shadowWarning"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:371
+msgid "ldap_user_shadow_inactive (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:374
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> counterpart (password inactivity period)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:384
+msgid "Default: shadowInactive"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:390
+msgid "ldap_user_shadow_expire (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:393
+msgid ""
+"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this"
+" parameter contains the name of an LDAP attribute corresponding to its "
+"<citerefentry> <refentrytitle>shadow</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> counterpart (account expiration "
+"date)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:403
+msgid "Default: shadowExpire"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:409
+msgid "ldap_user_krb_last_pwd_change (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:412
+msgid ""
+"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of"
+" an LDAP attribute storing the date and time of last password change in "
+"kerberos."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:418
+msgid "Default: krbLastPwdChange"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:424
+msgid "ldap_user_krb_password_expiration (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:427
+msgid ""
+"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of"
+" an LDAP attribute storing the date and time when current password expires."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:433
+msgid "Default: krbPasswordExpiration"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:439
+msgid "ldap_user_ad_account_expires (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:442
+msgid ""
+"When using ldap_account_expire_policy=ad, this parameter contains the name "
+"of an LDAP attribute storing the expiration time of the account."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:447
+msgid "Default: accountExpires"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:453
+msgid "ldap_user_ad_user_account_control (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:456
+msgid ""
+"When using ldap_account_expire_policy=ad, this parameter contains the name "
+"of an LDAP attribute storing the user account control bit field."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:461
+msgid "Default: userAccountControl"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:467
+msgid "ldap_ns_account_lock (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:470
+msgid ""
+"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
+"determines if access is allowed or not."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:475
+msgid "Default: nsAccountLock"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:481
+msgid "ldap_user_principal (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:484
+msgid ""
+"The LDAP attribute that contains the user's Kerberos User Principal Name "
+"(UPN)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:488
+msgid "Default: krbPrincipalName"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:494
+msgid "ldap_force_upper_case_realm (boolean)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:497
+msgid ""
+"Some directory servers, for example Active Directory, might deliver the "
+"realm part of the UPN in lower case, which might cause the authentication to"
+" fail. Set this option to a non-zero value if you want to use an upper-case "
+"realm."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:504 sssd-ldap.5.xml:961 sssd-ipa.5.xml:115 sssd.8.xml:64
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:266
+msgid "Default: false"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:510
+msgid "ldap_enumeration_refresh_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:513
+msgid ""
+"The LDAP attribute that contains how many seconds SSSD has to wait before "
+"refreshing its cache of enumerated records."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:518
+msgid "Default: 300"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:524
+msgid "ldap_purge_cache_timeout"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:527
+msgid ""
+"Determine how often to check the cache for inactive entries (such as groups "
+"with no members and users who have never logged in) and remove them to save "
+"space."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:533
+msgid "Setting this option to zero will disable the cache cleanup operation."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:537
+msgid "Default: 10800 (12 hours)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:543
+msgid "ldap_user_fullname (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:546
+msgid "The LDAP attribute that corresponds to the user's full name."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:550 sssd-ldap.5.xml:609 sssd-ldap.5.xml:702
+msgid "Default: cn"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:556
+msgid "ldap_user_member_of (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:559
+msgid "The LDAP attribute that lists the user's group memberships."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:563
+msgid "Default: memberOf"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:569
+msgid "ldap_user_authorized_service (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:572
+msgid ""
+"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
+"use the presence of the authorizedService attribute in the user's LDAP entry"
+" to determine access privilege."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:579
+msgid ""
+"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
+"explicit allow (svc) and finally for allow_all (*)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:584
+msgid "Default: authorizedService"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:590
+msgid "ldap_group_object_class (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:593
+msgid "The object class of a group entry in LDAP."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:596
+msgid "Default: posixGroup"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:602
+msgid "ldap_group_name (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:605
+msgid "The LDAP attribute that corresponds to the group name."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:615
+msgid "ldap_group_gid_number (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:618
+msgid "The LDAP attribute that corresponds to the group's id."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:628
+msgid "ldap_group_member (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:631
+msgid "The LDAP attribute that contains the names of the group's members."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:635
+msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:641
+msgid "ldap_group_uuid (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:644
+msgid ""
+"The LDAP attribute that contains the UUID/GUID of an LDAP group object."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:654
+msgid "ldap_group_modify_timestamp (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:667
+msgid "ldap_group_nesting_level (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:670
+msgid ""
+"If ldap_schema is set to a schema format that supports nested groups (e.g. "
+"RFC2307bis), then this option controls how many levels of nesting SSSD will "
+"follow. This option has no effect on the RFC2307 schema."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:677
+msgid "Default: 2"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:683
+msgid "ldap_netgroup_object_class (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:686
+msgid "The object class of a netgroup entry in LDAP."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:689
+msgid "Default: nisNetgroup"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:695
+msgid "ldap_netgroup_name (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:698
+msgid "The LDAP attribute that corresponds to the netgroup name."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:708
+msgid "ldap_netgroup_member (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:711
+msgid "The LDAP attribute that contains the names of the netgroup's members."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:715
+msgid "Default: memberNisNetgroup"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:721
+msgid "ldap_netgroup_triple (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:724
+msgid ""
+"The LDAP attribute that contains the (host, user, domain) netgroup triples."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:728
+msgid "Default: nisNetgroupTriple"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:734
+msgid "ldap_netgroup_uuid (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:737
+msgid ""
+"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:747
+msgid "ldap_netgroup_modify_timestamp (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:760
+msgid "ldap_search_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:763
+msgid ""
+"Specifies the timeout (in seconds) that ldap searches are allowed to run "
+"before they are cancelled and cached results are returned (and offline mode "
+"is entered)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:769
+msgid ""
+"Note: this option is subject to change in future versions of the SSSD. It "
+"will likely be replaced at some point by a series of timeouts for specific "
+"lookup types."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:775 sssd-ldap.5.xml:817 sssd-ldap.5.xml:832
+msgid "Default: 6"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:781
+msgid "ldap_enumeration_search_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:784
+msgid ""
+"Specifies the timeout (in seconds) that ldap searches for user and group "
+"enumerations are allowed to run before they are cancelled and cached results"
+" are returned (and offline mode is entered)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:791
+msgid "Default: 60"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:797
+msgid "ldap_network_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:800
+msgid ""
+"Specifies the timeout (in seconds) after which the <citerefentry> "
+"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> "
+"</citerefentry>/<citerefentry> <refentrytitle>select</refentrytitle> "
+"<manvolnum>2</manvolnum> </citerefentry> following a <citerefentry> "
+"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> "
+"</citerefentry> returns in case of no activity."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:823
+msgid "ldap_opt_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:826
+msgid ""
+"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
+"will abort if no response is received. Also controls the timeout when "
+"communicating with the KDC in case of SASL bind."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:838
+msgid "ldap_tls_reqcert (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:841
+msgid ""
+"Specifies what checks to perform on server certificates in a TLS session, if"
+" any. It can be specified as one of the following values:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:847
+msgid ""
+"<emphasis>never</emphasis> = The client will not request or check any server"
+" certificate."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
+msgid ""
+"<emphasis>allow</emphasis> = The server certificate is requested. If no "
+"certificate is provided, the session proceeds normally. If a bad certificate"
+" is provided, it will be ignored and the session proceeds normally."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:858
+msgid ""
+"<emphasis>try</emphasis> = The server certificate is requested. If no "
+"certificate is provided, the session proceeds normally. If a bad certificate"
+" is provided, the session is immediately terminated."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid ""
+"<emphasis>demand</emphasis> = The server certificate is requested. If no "
+"certificate is provided, or a bad certificate is provided, the session is "
+"immediately terminated."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:870
+msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:874
+msgid "Default: hard"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:880
+msgid "ldap_tls_cacert (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:883
+msgid ""
+"Specifies the file that contains certificates for all of the Certificate "
+"Authorities that <command>sssd</command> will recognize."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:888 sssd-ldap.5.xml:906 sssd-ldap.5.xml:947
+msgid ""
+"Default: use OpenLDAP defaults, typically in "
+"<filename>/etc/openldap/ldap.conf</filename>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:895
+msgid "ldap_tls_cacertdir (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:898
+msgid ""
+"Specifies the path of a directory that contains Certificate Authority "
+"certificates in separate individual files. Typically the file names need to "
+"be the hash of the certificate followed by '.0'. If available, "
+"<command>cacertdir_rehash</command> can be used to create the correct names."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:913
+msgid "ldap_tls_cert (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:916
+msgid "Specifies the file that contains the certificate for the client's key."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:920 sssd-ldap.5.xml:932 sssd-krb5.5.xml:356
+msgid "Default: not set"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:926
+msgid "ldap_tls_key (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:929
+msgid "Specifies the file that contains the client's key."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:938
+msgid "ldap_tls_cipher_suite (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:941
+msgid ""
+"Specifies acceptable cipher suites. Typically this is a colon sperated "
+"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> for format."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:954
+msgid "ldap_id_use_start_tls (boolean)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:957
+msgid ""
+"Specifies that the id_provider connection must also use <systemitem "
+"class=\"protocol\">tls</systemitem> to protect the channel."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:967
+msgid "ldap_sasl_mech (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:970
+msgid ""
+"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
+"supported."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:974 sssd-ldap.5.xml:1102
+msgid "Default: none"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:980
+msgid "ldap_sasl_authid (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:983
+msgid ""
+"Specify the SASL authorization id to use. When GSSAPI is used, this "
+"represents the Kerberos principal used for authentication to the directory."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:988
+msgid "Default: host/machine.fqdn@REALM"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:994
+msgid "ldap_krb5_keytab (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:997
+msgid "Specify the keytab to use when using SASL/GSSAPI."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1000
+msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1006
+msgid "ldap_krb5_init_creds (boolean)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1009
+msgid ""
+"Specifies that the id_provider should init Kerberos credentials (TGT). This"
+" action is performed only if SASL is used and the mechanism selected is "
+"GSSAPI."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1021
+msgid "ldap_krb5_ticket_lifetime (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1024
+msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1028
+msgid "Default: 86400 (24 hours)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1034 sssd-krb5.5.xml:74
+msgid "krb5_server (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1037 sssd-krb5.5.xml:77
+msgid ""
+"Specifies the list of IP addresses or hostnames of the Kerberos servers to "
+"which SSSD should connect in the order of preference. For more information "
+"on failover and server redundancy, see the <quote>FAILOVER</quote> section. "
+"An optional port number (preceded by a colon) may be appended to the "
+"addresses or hostnames. If empty, service discovery is enabled - for more "
+"information, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1049 sssd-krb5.5.xml:89
+msgid ""
+"When using service discovery for KDC or kpasswd servers, SSSD first searches"
+" for DNS entries that specify _udp as the protocol and falls back to _tcp if"
+" none are found."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1054 sssd-krb5.5.xml:94
+msgid ""
+"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD."
+" While the legacy name is recognized for the time being, users are advised "
+"to migrate their config files to use <quote>krb5_server</quote> instead."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1063 sssd-krb5.5.xml:103
+msgid "krb5_realm (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1066
+msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1069
+msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1075
+msgid "ldap_pwd_policy (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1078
+msgid ""
+"Select the policy to evaluate the password expiration on the client side. "
+"The following values are allowed:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1083
+msgid ""
+"<emphasis>none</emphasis> - No evaluation on the client side. This option "
+"cannot disable server-side password policies."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1088
+msgid ""
+"<emphasis>shadow</emphasis> - Use "
+"<citerefentry><refentrytitle>shadow</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> style attributes to evaluate if the "
+"password has expired. Note that the current version of sssd cannot update "
+"this attribute during a password change."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1096
+msgid ""
+"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
+"to determine if the password has expired. Use chpass_provider=krb5 to update"
+" these attributes when the password is changed."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1108
+msgid "ldap_referrals (boolean)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1111
+msgid "Specifies whether automatic referral chasing should be enabled."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1115
+msgid ""
+"Please note that sssd only supports referral chasing when it is compiled "
+"with OpenLDAP version 2.4.13 or higher."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1126
+msgid "ldap_dns_service_name (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1129
+msgid "Specifies the service name to use when service discovery is enabled."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133
+msgid "Default: ldap"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1139
+msgid "ldap_chpass_dns_service_name (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1142
+msgid ""
+"Specifies the service name to use to find an LDAP server which allows "
+"password changes when service discovery is enabled."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1147
+msgid "Default: not set, i.e. service discovery is disabled"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1153
+msgid "ldap_access_filter (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1156
+msgid ""
+"If using access_provider = ldap, this option is mandatory. It specifies an "
+"LDAP search filter criteria that must be met for the user to be granted "
+"access on this host. If access_provider = ldap and this option is not set, "
+"it will result in all users being denied access. Use access_provider = allow"
+" to change this default behavior."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1166
+msgid "Example:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ldap.5.xml:1169
+#, no-wrap
+msgid ""
+"access_provider = ldap\n"
+"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+" "
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1173
+msgid ""
+"This example means that access to this host is restricted to members of the "
+"\"allowedusers\" group in ldap."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1178
+msgid ""
+"Offline caching for this feature is limited to determining whether the "
+"user's last online login was granted access permission. If they were granted"
+" access during their last login, they will continue to be granted access "
+"while offline and vice-versa."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1186 sssd-ldap.5.xml:1227
+msgid "Default: Empty"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1192
+msgid "ldap_account_expire_policy (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1195
+msgid ""
+"With this option a client side evaluation of access control attributes can "
+"be enabled."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1199
+msgid ""
+"Please note that it is always recommended to use server side access control,"
+" i.e. the LDAP server should deny the bind request with a suitable error "
+"code even if the password is correct."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1206
+msgid "The following values are allowed:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1209
+msgid ""
+"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
+"determine if the account is expired."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1214
+msgid ""
+"<emphasis>ad</emphasis>: use the value of the 32bit field "
+"ldap_user_ad_user_account_control and allow access if the second bit is not "
+"set. If the attribute is missing access is granted. Also the expiration time"
+" of the account is checked."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1221
+msgid ""
+"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, "
+"<emphasis>389ds</emphasis>: use the value of ldap_ns_account_lock to check "
+"if access is allowed or not."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1233
+msgid "ldap_access_order (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1236
+msgid "Comma separated list of access control options. Allowed values are:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1240
+msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1243
+msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1247
+msgid ""
+"<emphasis>authorized_service</emphasis>: use the authorizedService attribute"
+" to determine access"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1252
+msgid "Default: filter"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1255
+msgid ""
+"Please note that it is a configuration error if a value is used more than "
+"once."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1262
+msgid "ldap_deref (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1265
+msgid ""
+"Specifies how alias dereferencing is done when performing a search. The "
+"following options are allowed:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1270
+msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1274
+msgid ""
+"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
+"the base object, but not in locating the base object of the search."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1279
+msgid ""
+"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
+"the base object of the search."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1284
+msgid ""
+"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
+"in locating the base object of the search."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1289
+msgid ""
+"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
+"client libraries)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:51
+msgid ""
+"All of the common configuration options that apply to SSSD domains also "
+"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page for full details. "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:1301
+msgid "ADVANCED OPTIONS"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1308
+msgid "ldap_netgroup_search_base (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1311
+msgid ""
+"An optional base DN to restrict netgroup searches to a specific subtree."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1315 sssd-ldap.5.xml:1329 sssd-ldap.5.xml:1343
+msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1322
+msgid "ldap_user_search_base (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1325
+msgid "An optional base DN to restrict user searches to a specific subtree."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1336
+msgid "ldap_group_search_base (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1339
+msgid "An optional base DN to restrict group searches to a specific subtree."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1303
+msgid ""
+"These options are supported by LDAP domains, but they should be used with "
+"caution. Please include them in your configuration only if you know what you"
+" are doing. <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1359
+msgid ""
+"The following example assumes that SSSD is correctly configured and LDAP is "
+"set to one of the domains in the <replaceable>[domains]</replaceable> "
+"section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ldap.5.xml:1365
+#, no-wrap
+msgid ""
+" [domain/LDAP]\n"
+" id_provider = ldap\n"
+" auth_provider = ldap\n"
+" ldap_uri = ldap://ldap.mydomain.org\n"
+" ldap_search_base = dc=mydomain,dc=org\n"
+" ldap_tls_reqcert = demand\n"
+" cache_credentials = true\n"
+" enumerate = true\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1364 sssd-simple.5.xml:134 sssd-ipa.5.xml:181
+#: sssd-krb5.5.xml:414
+msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:1378 sssd_krb5_locator_plugin.8.xml:61
+msgid "NOTES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1380
+msgid ""
+"The descriptions of some of the configuration options in this manual page "
+"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
+"distribution."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1391
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> <refentrytitle>sssd-"
+"krb5</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry>"
+" <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <refentryinfo>
+#: pam_sss.8.xml:8 include/upstream.xml:2
+msgid ""
+"<productname>SSSD</productname> <orgname>The SSSD upstream - "
+"http://fedorahosted.org/sssd</orgname>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: pam_sss.8.xml:13 pam_sss.8.xml:18
+msgid "pam_sss"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: pam_sss.8.xml:19
+msgid "PAM module for SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: pam_sss.8.xml:24
+msgid ""
+"<command>pam_sss.so</command> <arg choice='opt'> "
+"<replaceable>forward_pass</replaceable> </arg> <arg choice='opt'> "
+"<replaceable>use_first_pass</replaceable> </arg> <arg choice='opt'> "
+"<replaceable>use_authtok</replaceable> </arg> <arg choice='opt'> "
+"<replaceable>retry=N</replaceable> </arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:42
+msgid ""
+"<command>pam_sss.so</command> is the PAM interface to the System Security "
+"Services daemon (SSSD). Errors and results are logged through "
+"<command>syslog(3)</command> with the LOG_AUTHPRIV facility."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:52
+msgid "<option>forward_pass</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:55
+msgid ""
+"If <option>forward_pass</option> is set the entered password is put on the "
+"stack for other PAM modules to use."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:62
+msgid "<option>use_first_pass</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:65
+msgid ""
+"The argument use_first_pass forces the module to use a previous stacked "
+"modules password and will never prompt the user - if no password is "
+"available or the password is not appropriate, the user will be denied "
+"access."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:73
+msgid "<option>use_authtok</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:76
+msgid ""
+"When password changing enforce the module to set the new password to the one"
+" provided by a previously stacked password module."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:83
+msgid "<option>retry=N</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:86
+msgid ""
+"If specified the user is asked another N times for a password if "
+"authentication fails. Default is 0."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:88
+msgid ""
+"Please note that this option might not work as expected if the application "
+"calling PAM handles the user dialog on its own. A typical example is "
+"<command>sshd</command> with <option>PasswordAuthentication</option>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: pam_sss.8.xml:99
+msgid "MODULE TYPES PROVIDED"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:100
+msgid ""
+"All module types (<option>account</option>, <option>auth</option>, "
+"<option>password</option> and <option>session</option>) are provided."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: pam_sss.8.xml:106
+msgid "FILES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:107
+msgid ""
+"If a password reset by root fails, because the corresponding SSSD provider "
+"does not support password resets, an individual message can be displayed. "
+"This message can e.g. contain instructions about how to reset a password."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:112
+msgid ""
+"The message is read from the file "
+"<filename>pam_sss_pw_reset_message.LOC</filename> where LOC stands for a "
+"locale string returned by <citerefentry> "
+"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> "
+"</citerefentry>. If there is no matching file the content of "
+"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be"
+" the owner of the files and only root may have read and write permissions "
+"while all other users must have only read permisssions."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:122
+msgid ""
+"These files are searched in the directory "
+"<filename>/etc/sssd/customize/DOMAIN_NAME/</filename>. If no matching file "
+"is present a generic message is displayed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:130
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
+msgid "sssd_krb5_locator_plugin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:22
+msgid ""
+"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
+"used by the Kerberos provider of <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry>"
+" to tell the Kerberos libraries what Realm and which KDC to use. Typically "
+"this is done in <citerefentry> <refentrytitle>krb5.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> which is always read by the "
+"Kerberos libraries. To simplyfy the configuration the Realm and the KDC can "
+"be defined in <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> as described in <citerefentry> "
+"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:48
+msgid ""
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry> puts the Realm and the name or IP address of the KDC into "
+"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
+"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
+"libraries it reads and evaluates these variable and returns them to the "
+"libraries."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:63
+msgid ""
+"Not all Kerberos implementations support the use of plugins. If "
+"<command>sssd_krb5_locator_plugin</command> is not available on your system "
+"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:69
+msgid ""
+"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
+"debug messages will be sent to stderr."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:77
+msgid ""
+"<citerefentry> <refentrytitle>sssd-"
+"krb5</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry>"
+" <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
+msgid "sssd-simple"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-simple.5.xml:17
+msgid "the configuration file for SSSD's 'simple' access-control provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:24
+msgid ""
+"This manual page describes the configuration of the simple access-control "
+"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, "
+"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:38
+msgid ""
+"The simple access provider grants or denies access based on an access or "
+"deny list of user or group names. The following rules apply:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:43
+msgid "If all lists are empty, access is granted"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:47
+msgid ""
+"If any list is provided, the order of evaluation is allow,deny. This means "
+"that any matching deny rule will supersede any matched allow rule."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:54
+msgid ""
+"If either or both \"allow\" lists are provided, all users are denied unless "
+"they appear in the list."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:60
+msgid ""
+"If only \"deny\" lists are provided, all users are granted access unless "
+"they appear in the list."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:78
+msgid "simple_allow_users (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:81
+msgid "Comma separated list of users who are allowed to log in."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:88
+msgid "simple_deny_users (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:91
+msgid "Comma separated list of users who are explicitly denied access."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:97
+msgid "simple_allow_groups (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:100
+msgid ""
+"Comma separated list of groups that are allowed to log in. This applies only"
+" to groups within this SSSD domain. Local groups are not evaluated."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:108
+msgid "simple_deny_groups (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:111
+msgid ""
+"Comma separated list of groups that are explicitly denied access. This "
+"applies only to groups within this SSSD domain. Local groups are not "
+"evaluated."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+msgid ""
+"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> manual page for details on the configuration of an SSSD "
+"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:120
+msgid ""
+"Please note that it is an configuration error if both, simple_allow_users "
+"and simple_deny_users, are defined."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:128
+msgid ""
+"The following example assumes that SSSD is correctly configured and "
+"example.com is one of the domains in the <replaceable>[sssd]</replaceable> "
+"section. This examples shows only the simple access provider-specific "
+"options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-simple.5.xml:135
+#, no-wrap
+msgid ""
+" [domain/example.com]\n"
+" access_provider = simple\n"
+" simple_allow_users = user1, user2\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:145
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
+msgid "sssd-ipa"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:23
+msgid ""
+"This manual page describes the configuration of the IPA provider for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:36
+msgid ""
+"The IPA provider is a back end used to connect to an IPA server. (Refer to "
+"the freeipa.org web site for information about IPA servers.) This provider "
+"requires that the machine be joined to the IPA domain; configuration is "
+"almost entirely self-discovered and obtained directly from the server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:43
+msgid ""
+"The IPA provider accepts the same options used by the <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> identity provider and the <citerefentry> <refentrytitle"
+">sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> "
+"authentication provider. However, it is neither necessary nor recommended "
+"to set these options. IPA provider can also be used as an access and chpass"
+" provider. As an access provider it uses HBAC (host-based access control) "
+"rules. Please refer to freeipa.org for more information about HBAC. No "
+"configuration of access provider is required on the client side."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:69
+msgid "ipa_domain (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:72
+msgid ""
+"Specifies the name of the IPA domain. This is optional. If not provided, "
+"the configuration domain name is used."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:80
+msgid "ipa_server (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:83
+msgid ""
+"The list of IP addresses or hostnames of the IPA servers to which SSSD "
+"should connect in the order of preference. For more information on failover "
+"and server redundancy, see the <quote>FAILOVER</quote> section. This is "
+"optional if autodiscovery is enabled. For more information on service "
+"discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:96
+msgid "ipa_hostname (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:99
+msgid ""
+"Optional. May be set on machines where the hostname(5) does not reflect the "
+"fully qualified name used in the IPA domain to identify this host."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:107
+msgid "ipa_dyndns_update (boolean)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:110
+msgid ""
+"Optional. This option tells SSSD to automatically update the DNS server "
+"built into FreeIPA v2 with the IP address of this client."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:121
+msgid "ipa_dyndns_iface (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:124
+msgid ""
+"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
+"interface whose IP address should be used for dynamic DNS updates."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:129
+msgid "Default: Use the IP address of the IPA LDAP connection"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:135
+msgid "ipa_hbac_search_base (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:138
+msgid ""
+"Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:142
+msgid "Default: Use base DN"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+msgid "krb5_validate (boolean)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+msgid ""
+"Verify with the help of krb5_keytab that the TGT obtained has not been "
+"spoofed."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:158
+msgid ""
+"Note that this default differs from the traditional Kerberos provider back "
+"end."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:175
+msgid ""
+"The following example assumes that SSSD is correctly configured and "
+"example.com is one of the domains in the <replaceable>[sssd]</replaceable> "
+"section. This examples shows only the ipa provider-specific options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ipa.5.xml:182
+#, no-wrap
+msgid ""
+" [domain/example.com]\n"
+" id_provider = ipa\n"
+" ipa_server = ipaserver.example.com\n"
+" ipa_hostname = myhost.example.com\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:193
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> <refentrytitle>sssd-"
+"ldap</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry>"
+" <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd.8.xml:10 sssd.8.xml:15
+msgid "sssd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd.8.xml:16
+msgid "System Security Services Daemon"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sssd.8.xml:21
+msgid ""
+"<command>sssd</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:31
+msgid ""
+"<command>SSSD</command> provides a set of daemons to manage access to remote"
+" directories and authentication mechanisms. It provides an NSS and PAM "
+"interface toward the system and a pluggable backend system to connect to "
+"multiple different account sources as well as D-Bus interface. It is also "
+"the basis to provide client auditing and policy services for projects like "
+"FreeIPA. It provides a more robust database to store local users as well as "
+"extended user data."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:46
+msgid ""
+"<option>-d</option>,<option>--debug-level</option> "
+"<replaceable>LEVEL</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:51
+msgid ""
+"Debug level to run the daemon with. 0 is the default as well as the lowest "
+"allowed value, 10 is the most verbose mode. This setting overrides the "
+"settings from config file. This parameter implies <option>-i</option>."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:70
+msgid "<option>-f</option>,<option>--debug-to-files</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:74
+msgid ""
+"Send the debug output to files instead of stderr. By default, the log files "
+"are stored in <filename>/var/log/sssd</filename> and there are separate log "
+"files for every SSSD service and domain."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:82
+msgid "<option>-D</option>,<option>--daemon</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:86
+msgid "Become a daemon after starting up."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:92
+msgid "<option>-i</option>,<option>--interactive</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:96
+msgid "Run in the foreground, don't become a daemon."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:102
+msgid "<option>-c</option>,<option>--config</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:106
+msgid ""
+"Specify a non-default config file. The default is "
+"<filename>/etc/sssd/sssd.conf</filename>. For reference on the config file "
+"syntax and options, consult the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.8.xml:122
+msgid "Signals"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:125
+msgid "SIGTERM/SIGINT"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:128
+msgid ""
+"Informs the SSSD to gracefully terminate all of its child processes and then"
+" shut down the monitor."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:134
+msgid "SIGHUP"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:137
+msgid ""
+"Tells the SSSD to stop writing to its current debug file descriptors and to "
+"close and reopen them. This is meant to facilitate log rolling with programs"
+" like logrotate."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:145
+msgid "SIGUSR1"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:148
+msgid ""
+"Tells the SSSD to simulate offline operation for one minute. This is mostly "
+"useful for testing purposes."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:154
+msgid "SIGUSR2"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:157
+msgid ""
+"Tells the SSSD to go online immediately. This is mostly useful for testing "
+"purposes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:168
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
+msgid "sss_obfuscate"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_obfuscate.8.xml:16
+msgid "obfuscate a clear text password"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_obfuscate.8.xml:21
+msgid ""
+"<command>sss_obfuscate</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>[PASSWORD]</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_obfuscate.8.xml:32
+msgid ""
+"<command>sss_obfuscate</command> converts a given password into human-"
+"unreadable format and places it into appropriate domain section of the SSSD "
+"config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_obfuscate.8.xml:37
+msgid ""
+"The cleartext password can be specified as an argument to the program, read "
+"from standard input or entered interactively. The obfuscated password is "
+"put into <quote>ldap_default_authtok</quote> parameter of a given SSSD "
+"domain and the <quote>ldap_default_authtok_type</quote> parameter is set to "
+"<quote>obfuscated_password</quote>. Refer to <citerefentry> <refentrytitle"
+">sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more"
+" details on these parameters."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_obfuscate.8.xml:50
+msgid ""
+"Please note that obfuscating the password provides <emphasis>no real "
+"security benefit</emphasis> as it is still possible for an attacker to "
+"reverse-engineer the password back. Using better authentication mechanisms "
+"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
+"advised."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_obfuscate.8.xml:64
+msgid "<option>-s</option>,<option>--stdin</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:68
+msgid "The password to obfuscate will be read from standard input."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_obfuscate.8.xml:75
+msgid ""
+"<option>-d</option>,<option>--domain</option> "
+"<replaceable>DOMAIN</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:80
+msgid ""
+"The SSSD domain to use the password in. The default name is "
+"<quote>default</quote>."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_obfuscate.8.xml:87
+msgid ""
+"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:92
+msgid "Read the config file specified by the positional parameter."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:96
+msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_obfuscate.8.xml:106
+msgid ""
+"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
+msgid "sss_useradd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_useradd.8.xml:16
+msgid "create a new user"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_useradd.8.xml:21
+msgid ""
+"<command>sss_useradd</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>LOGIN</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_useradd.8.xml:32
+msgid ""
+"<command>sss_useradd</command> creates a new user account using the values "
+"specified on the command line plus the default values from the system."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:43
+msgid ""
+"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:48
+msgid ""
+"Set the UID of the user to the value of <replaceable>UID</replaceable>. If "
+"not given, it is chosen automatically."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
+msgid ""
+"<option>-c</option>,<option>--gecos</option> "
+"<replaceable>COMMENT</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
+msgid ""
+"Any text string describing the user. Often used as the field for the user's "
+"full name."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
+msgid ""
+"<option>-h</option>,<option>--home</option> "
+"<replaceable>HOME_DIR</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:72
+msgid ""
+"The home directory of the user account. The default is to append the "
+"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
+"that as the home directory. The base that is prepended before "
+"<replaceable>LOGIN</replaceable> is tunable with "
+"<quote>user_defaults/baseDirectory</quote> setting in sssd.conf."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
+msgid ""
+"<option>-s</option>,<option>--shell</option> "
+"<replaceable>SHELL</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:87
+msgid ""
+"The user's login shell. The default is currently "
+"<filename>/bin/bash</filename>. The default can be changed with "
+"<quote>user_defaults/defaultShell</quote> setting in sssd.conf."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:96
+msgid ""
+"<option>-G</option>,<option>--groups</option> "
+"<replaceable>GROUPS</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:101
+msgid "A list of existing groups this user is also a member of."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:107
+msgid "<option>-m</option>,<option>--create-home</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:111
+msgid ""
+"Create the user's home directory if it does not exist. The files and "
+"directories contained in the skeleton directory (which can be defined with "
+"the -k option or in the config file) will be copied to the home directory."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:121
+msgid "<option>-M</option>,<option>--no-create-home</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:125
+msgid ""
+"Do not create the user's home directory. Overrides configuration settings."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:132
+msgid ""
+"<option>-k</option>,<option>--skel</option> "
+"<replaceable>SKELDIR</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:137
+msgid ""
+"The skeleton directory, which contains files and directories to be copied in"
+" the user's home directory, when the home directory is created by "
+"<command>sss_useradd</command>."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:143
+msgid ""
+"This option is only valid if the <option>-m</option> (or <option>--create-"
+"home</option>) option is specified, or creation of home directories is set "
+"to TRUE in the configuration."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
+msgid ""
+"<option>-Z</option>,<option>--selinux-user</option> "
+"<replaceable>SELINUX_USER</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:157
+msgid ""
+"The SELinux user for the user's login. If not specified, the system default "
+"will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_useradd.8.xml:169
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
+msgid "sssd-krb5"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:23
+msgid ""
+"This manual page describes the configuration of the Kerberos 5 "
+"authentication backend for <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, please refer to the "
+"<quote>FILE FORMAT</quote> section of the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> manual page"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:36
+msgid ""
+"The Kerberos 5 authentication backend contains auth and chpass providers. It"
+" must be paired with identity provider in order to function properly (for "
+"example, id_provider = ldap). Some information required by the Kerberos 5 "
+"authentication backend must be provided by the identity provider, such as "
+"the user's Kerberos Principal Name (UPN). The configuration of the identity "
+"provider should have an entry to specify the UPN. Please refer to the man "
+"page for the applicable identity provider for details on how to configure "
+"this."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:47
+msgid ""
+"This backend also provides access control based on the .k5login file in the "
+"home directory of the user. See <citerefentry> "
+"<refentrytitle>.k5login</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry> for more details. Please note that an empty .k5login file "
+"will deny all access to this user. To activate this feature use "
+"'access_provider = krb5' in your sssd configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:55
+msgid ""
+"In the case where the UPN is not available in the identity backend "
+"<command>sssd</command> will construct a UPN using the format "
+"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:106
+msgid ""
+"The name of the Kerberos realm. This option is required and must be "
+"specified."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:113
+msgid "krb5_kpasswd (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:116
+msgid ""
+"If the change password service is not running on the KDC alternative servers"
+" can be defined here. An optional port number (preceded by a colon) may be "
+"appended to the addresses or hostnames."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:122
+msgid ""
+"For more information on failover and server redundancy, see the "
+"<quote>FAILOVER</quote> section. Please note that even if there are no more"
+" kpasswd servers to try the back end is not switch to offline if "
+"authentication against the KDC is still possible."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:129
+msgid "Default: Use the KDC"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:135
+msgid "krb5_ccachedir (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:138
+msgid ""
+"Directory to store credential caches. All the substitution sequences of "
+"krb5_ccname_template can be used here, too, except %d and %P. If the "
+"directory does not exist it will be created. If %u, %U, %p or %h are used a "
+"private directory belonging to the user is created. Otherwise a public "
+"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
+"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> "
+"</citerefentry> for details) is created."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:151
+msgid "Default: /tmp"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:157
+msgid "krb5_ccname_template (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:171
+msgid "login UID"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:174
+msgid "%p"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:175
+msgid "principal name"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:179
+msgid "%r"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:180
+msgid "realm name"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:183
+msgid "%h"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:184
+msgid "home directory"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:189
+msgid "value of krb5ccache_dir"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:194
+msgid "%P"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:195
+msgid "the process ID of the sssd client"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:160
+msgid ""
+"Location of the user's credential cache. Currently only file based "
+"credential caches are supported. In the template the following sequences are"
+" substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
+"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
+"way."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:209
+msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:215
+msgid "krb5_auth_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:218
+msgid ""
+"Timeout in seconds after an online authentication or change password request"
+" is aborted. If possible the authentication request is continued offline."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:241
+msgid "krb5_keytab (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:244
+msgid ""
+"The location of the keytab to use when validating credentials obtained from "
+"KDCs."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:248
+msgid "Default: /etc/krb5.keytab"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:254
+msgid "krb5_store_password_if_offline (boolean)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:257
+msgid ""
+"Store the password of the user if the provider is offline and use it to "
+"request a TGT when the provider gets online again."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:262
+msgid ""
+"Please note that this feature currently only available on a Linux platform."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:272
+msgid "krb5_renewable_lifetime (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:275
+msgid ""
+"Request a renewable ticket with a total lifetime given by an integer "
+"immediately followed by one of the following delimiters:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:280 sssd-krb5.5.xml:316
+msgid "<emphasis>s</emphasis> seconds"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
+msgid "<emphasis>m</emphasis> minutes"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
+msgid "<emphasis>h</emphasis> hours"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
+msgid "<emphasis>d</emphasis> days."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
+msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:296
+msgid ""
+"Please note that it is not possible to mix units. If you want to set the "
+"renewable lifetime to one and a half hours please use '90m' instead of "
+"'1h30m'."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:302
+msgid "Default: not set, i.e. the TGT is not renewable"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:308
+msgid "krb5_lifetime (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:311
+msgid ""
+"Request ticket with a with a lifetime given by an integer immediately "
+"followed by one of the following delimiters:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:332
+msgid ""
+"Please note that it is not possible to mix units. If you want to set the "
+"lifetime to one and a half hours please use '90m' instead of '1h30m'."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:337
+msgid ""
+"Default: not set, i.e. the default ticket lifetime configured on the KDC."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:344
+msgid "krb5_renew_interval (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:347
+msgid ""
+"The time in seconds between two checks if the TGT should be renewed. TGTs "
+"are renewed if about half of their lifetime is exceeded."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:352
+msgid "If this option is not set or 0 the automatic renewal is disabled."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:362
+msgid "krb5_use_fast (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:365
+msgid ""
+"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
+"authentication. The following options are supported:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:370
+msgid ""
+"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
+"option at all."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:374
+msgid ""
+"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
+"continue without."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:378
+msgid ""
+"<emphasis>demand</emphasis> to use FAST, fail if the server does not require"
+" fast."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:382
+msgid "Default: not set, i.e. FAST is not used."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:385
+msgid "Please note that a keytab is required to use fast."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:388
+msgid ""
+"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
+"and above. If sssd used used with an older version using this option is a "
+"configuration error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:65
+msgid ""
+"If the auth-module krb5 is used in a SSSD domain, the following options must"
+" be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
+"SECTIONS</quote> for details on the configuration of a SSSD domain. "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:407
+msgid ""
+"The following example assumes that SSSD is correctly configured and FOO is "
+"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
+"example shows only configuration of Kerberos authentication, it does not "
+"include any identity provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-krb5.5.xml:415
+#, no-wrap
+msgid ""
+" [domain/FOO]\n"
+" auth_provider = krb5\n"
+" krb5_server = 192.168.1.1\n"
+" krb5_realm = EXAMPLE.COM\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:426
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> <refentrytitle>sssd-"
+"ldap</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry>"
+" <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
+msgid "sss_groupadd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_groupadd.8.xml:16
+msgid "create a new group"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_groupadd.8.xml:21
+msgid ""
+"<command>sss_groupadd</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>GROUP</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupadd.8.xml:32
+msgid ""
+"<command>sss_groupadd</command> creates a new group. These groups are "
+"compatible with POSIX groups, with the additional feature that they can "
+"contain other groups as members."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_groupadd.8.xml:43
+msgid ""
+"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_groupadd.8.xml:48
+msgid ""
+"Set the GID of the group to the value of <replaceable>GID</replaceable>. If"
+" not given, it is chosen automatically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupadd.8.xml:60
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
+msgid "sss_userdel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_userdel.8.xml:16
+msgid "delete a user account"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_userdel.8.xml:21
+msgid ""
+"<command>sss_userdel</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>LOGIN</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_userdel.8.xml:32
+msgid ""
+"<command>sss_userdel</command> deletes a user identified by login name "
+"<replaceable>LOGIN</replaceable> from the system."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_userdel.8.xml:44
+msgid "<option>-r</option>,<option>--remove</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_userdel.8.xml:48
+msgid ""
+"Files in the user's home directory will be removed along with the home "
+"directory itself and the user's mail spool. Overrides the configuration."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_userdel.8.xml:56
+msgid "<option>-R</option>,<option>--no-remove</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_userdel.8.xml:60
+msgid ""
+"Files in the user's home directory will NOT be removed along with the home "
+"directory itself and the user's mail spool. Overrides the configuration."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_userdel.8.xml:68
+msgid "<option>-f</option>,<option>--force</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_userdel.8.xml:72
+msgid ""
+"This option forces <command>sss_userdel</command> to remove the user's home "
+"directory and mail spool, even if they are not owned by the specified user."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_userdel.8.xml:80
+msgid "<option>-k</option>,<option>--kick</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_userdel.8.xml:84
+msgid "Before actually deleting the user, terminate all his processes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_userdel.8.xml:95
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
+msgid "sss_groupdel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_groupdel.8.xml:16
+msgid "delete a group"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_groupdel.8.xml:21
+msgid ""
+"<command>sss_groupdel</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>GROUP</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupdel.8.xml:32
+msgid ""
+"<command>sss_groupdel</command> deletes a group identified by its name "
+"<replaceable>GROUP</replaceable> from the system."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupdel.8.xml:48
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
+msgid "sss_groupshow"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_groupshow.8.xml:16
+msgid "print properties of a group"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_groupshow.8.xml:21
+msgid ""
+"<command>sss_groupshow</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>GROUP</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupshow.8.xml:32
+msgid ""
+"<command>sss_groupshow</command> displays information about a group "
+"identified by its name <replaceable>GROUP</replaceable>. The information "
+"includes the group ID number, members of the group and the parent group."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_groupshow.8.xml:43
+msgid "<option>-R</option>,<option>--recursive</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_groupshow.8.xml:47
+msgid ""
+"Also print indirect group members in a tree-like hierarchy. Note that this "
+"also affects printing parent groups - without <option>R</option>, only the "
+"direct parent will be printed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupshow.8.xml:60
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
+msgid "sss_usermod"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_usermod.8.xml:16
+msgid "modify a user account"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_usermod.8.xml:21
+msgid ""
+"<command>sss_usermod</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>LOGIN</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_usermod.8.xml:32
+msgid ""
+"<command>sss_usermod</command> modifies the account specified by "
+"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
+"on the command line."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:60
+msgid "The home directory of the user account."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:71
+msgid "The user's login shell."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:82
+msgid ""
+"Append this user to groups specified by the "
+"<replaceable>GROUPS</replaceable> parameter. The "
+"<replaceable>GROUPS</replaceable> parameter is a comma separated list of "
+"group names."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:96
+msgid ""
+"Remove this user from groups specified by the "
+"<replaceable>GROUPS</replaceable> parameter."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_usermod.8.xml:103
+msgid "<option>-l</option>,<option>--lock</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:107
+msgid "Lock the user account. The user won't be able to log in."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_usermod.8.xml:114
+msgid "<option>-u</option>,<option>--unlock</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:118
+msgid "Unlock the user account."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:129
+msgid "The SELinux user for the user's login."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_usermod.8.xml:140
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/service_discovery.xml:2
+msgid "SERVICE DISCOVERY"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/service_discovery.xml:4
+msgid ""
+"The service discovery feature allows back ends to automatically find the "
+"appropriate servers to connect to using a special DNS query."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:9
+msgid "Configuration"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:11
+msgid ""
+"If no servers are specified, the back end automatically uses service "
+"discovery to try to find a server. Optionally, the user may choose to use "
+"both fixed server addresses and service discovery by inserting a special "
+"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
+"preference is maintained. This feature is useful if, for example, the user "
+"prefers to use service discovery whenever possible, and fall back to a "
+"specific server when no servers can be discovered using DNS."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:23
+msgid "The domain name"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:25
+msgid ""
+"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page for more details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:35
+msgid "The protocol"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:37
+msgid ""
+"The queries usually specify _tcp as the protocol. Exceptions are documented "
+"in respective option description."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:42
+msgid "See Also"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:44
+msgid ""
+"For more information on the service discovery mechanism, refer to RFC 2782."
+msgstr ""
+
+#. type: Content of: outside any tag (error?)
+#: include/upstream.xml:1
+msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/failover.xml:2
+msgid "FAILOVER"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/failover.xml:4
+msgid ""
+"The failover feature allows back ends to automatically switch to a different"
+" server if the primary server fails."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:8
+msgid "Failover Syntax"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:10
+msgid ""
+"The list of servers is given as a comma-separated list; any number of spaces"
+" is allowed around the comma. The servers are listed in order of preference."
+" The list can contain any number of servers."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:17
+msgid "The Failover Mechanism"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:19
+msgid ""
+"The failover mechanism distinguishes between a machine and a service. The "
+"back end first tries to resolve the hostname of a given machine; if this "
+"resolution attempt fails, the machine is considered offline. No further "
+"attempts are made to connect to this machine for any other service. If the "
+"resolution attempt succeeds, the back end tries to connect to a service on "
+"this machine. If the service connection attempt fails, then only this "
+"particular service is considered offline and the back end automatically "
+"switches over to the next service. The machine is still considered online "
+"and might still be tried for another service."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:32
+msgid ""
+"Further connection attempts are made to machines or services marked as "
+"offline after a specified period of time; this is currently hard coded to 30"
+" seconds."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:37
+msgid ""
+"If there are no more machines to try, the back end as a whole switches to "
+"offline mode, and then attempts to reconnect every 30 seconds."
+msgstr ""
+
+#. type: Content of: <varlistentry><term>
+#: include/param_help.xml:3
+msgid "<option>-h</option>,<option>--help</option>"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/param_help.xml:7
+msgid "Display help message and exit."
+msgstr ""
diff --git a/src/man/po/pl.po b/src/man/po/pl.po
new file mode 100644
index 00000000..aa0adb8d
--- /dev/null
+++ b/src/man/po/pl.po
@@ -0,0 +1,5328 @@
+# SOME DESCRIPTIVE TITLE
+# Copyright (C) YEAR Red Hat
+# This file is distributed under the same license as the sssd-docs package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: SSSD\n"
+"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
+"POT-Creation-Date: 2011-01-24 13:36-0500\n"
+"PO-Revision-Date: 2011-03-08 15:06+0000\n"
+"Last-Translator: sgallagh <sgallagh@redhat.com>\n"
+"Language-Team: Polish <None>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Language: pl\n"
+"Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2)\n"
+
+#. type: Content of: <reference><title>
+#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
+#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sssd-ipa.5.xml:5
+#: sssd.8.xml:5 sss_obfuscate.8.xml:5 sss_useradd.8.xml:5 sssd-krb5.5.xml:5
+#: sss_groupadd.8.xml:5 sss_userdel.8.xml:5 sss_groupdel.8.xml:5
+#: sss_groupshow.8.xml:5 sss_usermod.8.xml:5
+msgid "SSSD Manual pages"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
+msgid "sss_groupmod"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sss_groupmod.8.xml:11 pam_sss.8.xml:14 sssd_krb5_locator_plugin.8.xml:11
+#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_useradd.8.xml:11
+#: sss_groupadd.8.xml:11 sss_userdel.8.xml:11 sss_groupdel.8.xml:11
+#: sss_groupshow.8.xml:11 sss_usermod.8.xml:11
+msgid "8"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_groupmod.8.xml:16
+msgid "modify a group"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_groupmod.8.xml:21
+msgid ""
+"<command>sss_groupmod</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>GROUP</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:41
+#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sssd-ipa.5.xml:21
+#: sssd.8.xml:29 sss_obfuscate.8.xml:30 sss_useradd.8.xml:30
+#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
+#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
+msgid "DESCRIPTION"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupmod.8.xml:32
+msgid ""
+"<command>sss_groupmod</command> modifies the group to reflect the changes "
+"that are specified on the command line."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_groupmod.8.xml:39 pam_sss.8.xml:48 sssd.8.xml:42 sss_obfuscate.8.xml:59
+#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
+#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
+msgid "OPTIONS"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
+msgid ""
+"<option>-a</option>,<option>--append-group</option> "
+"<replaceable>GROUPS</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_groupmod.8.xml:48
+msgid ""
+"Append this group to groups specified by the "
+"<replaceable>GROUPS</replaceable> parameter. The "
+"<replaceable>GROUPS</replaceable> parameter is a comma separated list of "
+"group names."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
+msgid ""
+"<option>-r</option>,<option>--remove-group</option> "
+"<replaceable>GROUPS</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_groupmod.8.xml:62
+msgid ""
+"Remove this group from groups specified by the "
+"<replaceable>GROUPS</replaceable> parameter."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sss_groupmod.8.xml:72 sssd.conf.5.xml:1008 sssd-ldap.5.xml:1389
+#: pam_sss.8.xml:128 sssd_krb5_locator_plugin.8.xml:75 sssd-simple.5.xml:143
+#: sssd-ipa.5.xml:191 sssd.8.xml:166 sss_obfuscate.8.xml:104
+#: sss_useradd.8.xml:167 sssd-krb5.5.xml:424 sss_groupadd.8.xml:58
+#: sss_userdel.8.xml:93 sss_groupdel.8.xml:46 sss_groupshow.8.xml:58
+#: sss_usermod.8.xml:138
+msgid "SEE ALSO"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupmod.8.xml:74
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd.conf.5.xml:10 sssd.conf.5.xml:16
+msgid "sssd.conf"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refmeta><manvolnum>
+#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
+#: sssd-ipa.5.xml:11 sssd-krb5.5.xml:11
+msgid "5"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
+#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
+#: sssd-ipa.5.xml:12 sssd-krb5.5.xml:12
+msgid "File Formats and Conventions"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd.conf.5.xml:17 sssd-ldap.5.xml:17 sssd_krb5_locator_plugin.8.xml:16
+#: sssd-ipa.5.xml:17 sssd-krb5.5.xml:17
+msgid "the configuration file for SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:21
+msgid "FILE FORMAT"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:29
+#, no-wrap
+msgid ""
+" <replaceable>[section]</replaceable>\n"
+" <replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
+" <replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
+" "
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:24
+msgid ""
+"The file has an ini-style syntax and consists of sections and parameters. A "
+"section begins with the name of the section in square brackets and continues"
+" until the next section begins. An example of section with single and multi-"
+"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:36
+msgid ""
+"The data types used are string (no quotes needed), integer and bool (with "
+"values of <quote>TRUE/FALSE</quote>)."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:41
+msgid ""
+"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
+"(<quote>;</quote>)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:46
+msgid ""
+"All sections can have an optional <replaceable>description</replaceable> "
+"parameter. Its function is only as a label for the section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:52
+msgid ""
+"<filename>sssd.conf</filename> must be a regular file, owned by root and "
+"only root may read from or write to the file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:58
+msgid "SPECIAL SECTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:61
+msgid "The [sssd] section"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><title>
+#: sssd.conf.5.xml:70 sssd.conf.5.xml:854
+msgid "Section parameters"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:72
+msgid "config_file_version (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:75
+msgid ""
+"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
+"version 2."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:81
+msgid "services"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:84
+msgid ""
+"Comma separated list of services that are started when sssd itself starts."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:88
+msgid "Supported services: nss, pam"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:93 sssd.conf.5.xml:234
+msgid "reconnection_retries (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:96 sssd.conf.5.xml:237
+msgid ""
+"Number of times services should attempt to reconnect in the event of a Data "
+"Provider crash or restart before they give up"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:101 sssd.conf.5.xml:242
+msgid "Default: 3"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:106
+msgid "domains"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:109
+msgid ""
+"A domain is a database containing user information. SSSD can use more "
+"domains at the same time, but at least one must be configured or SSSD won't "
+"start. This parameter described the list of domains in the order you want "
+"them to be queried."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:119
+msgid "re_expression (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:122
+msgid ""
+"Regular expression that describes how to parse the string containing user "
+"name and domain into these components."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:126
+msgid ""
+"Default: <quote>(?P&lt;name&gt;[^@]+)@?(?P&lt;domain&gt;[^@]*$)</quote> "
+"which translates to \"the name is everything up to the <quote>@</quote> "
+"sign, the domain everything after that\""
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:131
+msgid ""
+"PLEASE NOTE: the support for non-unique named subpatterns is not available "
+"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
+"version 7 or higher can support non-unique named subpatterns."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:138
+msgid ""
+"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax "
+"(?P&lt;name&gt;) to label subpatterns."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:145
+msgid "full_name_format (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:148
+msgid ""
+"A <citerefentry> <refentrytitle>printf</refentrytitle> "
+"<manvolnum>3</manvolnum> </citerefentry>-compatible format that describes "
+"how to translate a (name, domain) tuple into a fully qualified name."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:156
+msgid "Default: <quote>%1$s@%2$s</quote>."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:161
+msgid "try_inotify (boolean)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:164
+msgid ""
+"SSSD monitors the state of resolv.conf to identify when it needs to update "
+"its internal DNS resolver. By default, we will attempt to use inotify for "
+"this, and will fall back to polling resolv.conf every five seconds if "
+"inotify cannot be used."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:172
+msgid ""
+"There are some limited situations where it is preferred that we should skip "
+"even trying to use inotify. In these rare cases, this option should be set "
+"to 'false'"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:178
+msgid ""
+"Default: true on platforms where inotify is supported. False on other "
+"platforms."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:182
+msgid ""
+"Note: this option will have no effect on platforms where inotify is "
+"unavailable. On these platforms, polling will always be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:63
+msgid ""
+"Individual pieces of SSSD functionality are provided by special SSSD "
+"services that are started and stopped together with SSSD. The services are "
+"managed by a special service frequently called <quote>monitor</quote>. The "
+"<quote>[sssd]</quote> section is used to configure the monitor as well as "
+"some other important options like the identity domains. <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:195
+msgid "SERVICES SECTIONS"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:197
+msgid ""
+"Settings that can be used to configure different services are described in "
+"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
+"section, for example, for NSS service, the section would be "
+"<quote>[nss]</quote>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:204
+msgid "General service configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:206
+msgid "These options can be used to configure any service."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:210
+msgid "debug_level (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:213
+msgid ""
+"Sets the debug level for the service. The value can be in range from 0 (only"
+" critical messages) to 10 (very verbose)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:218 sssd.conf.5.xml:312
+msgid "Default: 0"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:223 sssd.8.xml:58
+msgid "debug_timestamps (bool)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:226 sssd.8.xml:61
+msgid "Add a timestamp to the debug messages"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:229 sssd.conf.5.xml:353 sssd-ldap.5.xml:1015
+#: sssd-ldap.5.xml:1120 sssd-ipa.5.xml:155
+msgid "Default: true"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:247
+msgid "command (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:250
+msgid ""
+"By default, the executable representing this service is called "
+"<command>sssd_${service_name}</command>. This directive allows to change "
+"the executable name for the service. In the vast majority of configurations,"
+" the default values should suffice."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:258
+msgid "Default: <command>sssd_${service_name}</command>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:266
+msgid "NSS configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:268
+msgid ""
+"These options can be used to configure the Name Service Switch (NSS) "
+"service."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:273
+msgid "enum_cache_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:276
+msgid ""
+"How many seconds should nss_sss cache enumerations (requests for info about "
+"all users)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:280
+msgid "Default: 120"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:285
+msgid "entry_cache_nowait_percentage (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:288
+msgid ""
+"The entry cache can be set to automatically update entries in the background"
+" if they are requested beyond a percentage of the entry_cache_timeout value "
+"for the domain."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:294
+msgid ""
+"For example, if the domain's entry_cache_timeout is set to 30s and "
+"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
+"after 15 seconds past the last cache update will be returned immediately, "
+"but the SSSD will go and update the cache on its own, so that future "
+"requests will not need to block waiting for a cache update."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:304
+msgid ""
+"Valid values for this option are 0-99 and represent a percentage of the "
+"entry_cache_timeout for each domain. For performance reasons, this "
+"percentage will never reduce the nowait timeout to less than 10 seconds. (0"
+" disables this feature)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:317
+msgid "entry_negative_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:320
+msgid ""
+"Specifies for how many seconds nss_sss should cache negative cache hits "
+"(that is, queries for invalid database entries, like nonexistent ones) "
+"before asking the back end again."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:326 sssd-krb5.5.xml:223
+msgid "Default: 15"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:331
+msgid "filter_users, filter_groups (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:334
+msgid ""
+"Exclude certain users from being fetched from the sss NSS database. This is "
+"particularly useful for system accounts. This option can also be set per-"
+"domain or include fully-qualified names to filter only users from the "
+"particular domain."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:341
+msgid "Default: root"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:346
+msgid "filter_users_in_groups (bool)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:349
+msgid ""
+"If you want filtered user still be group members set this option to false."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:360
+msgid "PAM configuration options"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:362
+msgid ""
+"These options can be used to configure the Pluggable Authentication Module "
+"(PAM) service."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:367
+msgid "offline_credentials_expiration (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:370
+msgid ""
+"If the authentication provider is offline, how long should we allow cached "
+"logins (in days since the last successful online login)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:375 sssd.conf.5.xml:388
+msgid "Default: 0 (No limit)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:381
+msgid "offline_failed_login_attempts (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:384
+msgid ""
+"If the authentication provider is offline, how many failed login attempts "
+"are allowed."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:394
+msgid "offline_failed_login_delay (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:397
+msgid ""
+"The time in minutes which has to pass after offline_failed_login_attempts "
+"has been reached before a new login attempt is possible."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:402
+msgid ""
+"If set to 0 the user cannot authenticate offline if "
+"offline_failed_login_attempts has been reached. Only a successful online "
+"authentication can enable enable offline authentication again."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:408 sssd.conf.5.xml:461 sssd.conf.5.xml:793
+msgid "Default: 5"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:414
+msgid "pam_verbosity (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:417
+msgid ""
+"Controls what kind of messages are shown to the user during authentication. "
+"The higher the number to more messages are displayed."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:422
+msgid "Currently sssd supports the following values:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:425
+msgid "<emphasis>0</emphasis>: do not show any message"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:428
+msgid "<emphasis>1</emphasis>: show only important messages"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:432
+msgid "<emphasis>2</emphasis>: show informational messages"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:435
+msgid "<emphasis>3</emphasis>: show all messages and debug information"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:439
+msgid "Default: 1"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:444
+msgid "pam_id_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:447
+msgid ""
+"For any PAM request while SSSD is online, the SSSD will attempt to "
+"immediately update the cached identity information for the user in order to "
+"ensure that authentication takes place with the latest information."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:453
+msgid ""
+"A complete PAM conversation may perform multiple PAM requests, such as "
+"account management and session opening. This option controls (on a per-"
+"client-application basis) how long (in seconds) we can cache the identity "
+"information to avoid excessive round-trips to the identity provider."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:467
+msgid "pam_pwd_expiration_warning (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:470
+msgid "Display a warning N days before the password expires."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:473
+msgid ""
+"Please note that the backend server has to provide information about the "
+"expiration time of the password. If this information is missing, sssd "
+"cannot display a warning."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:479
+msgid "Default: 7"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:488
+msgid "DOMAIN SECTIONS"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:495
+msgid "min_id,max_id (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:498
+msgid ""
+"UID and GID limits for the domain. If a domain contains an entry that is "
+"outside these limits, it is ignored."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:503
+msgid ""
+"For users, this affects the primary GID limit. The user will not be returned"
+" to NSS if either the UID or the primary GID is outside the range. For non-"
+"primary group memberships, those that are in range will be reported as "
+"expected."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:510
+msgid "Default: 1 for min_id, 0 (no limit) for max_id"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:516
+msgid "timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:519
+msgid ""
+"Timeout in seconds between heartbeats for this domain. This is used to "
+"ensure that the backend process is alive and capable of answering requests."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:524
+msgid "Default: 10"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:530
+msgid "enumerate (bool)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:533
+msgid ""
+"Determines if a domain can be enumerated. This parameter can have one of the"
+" following values:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:537
+msgid "TRUE = Users and groups are enumerated"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:540
+msgid "FALSE = No enumerations for this domain"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:543 sssd.conf.5.xml:591 sssd.conf.5.xml:645
+msgid "Default: FALSE"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:546
+msgid ""
+"Note: Enabling enumeration has a moderate performance impact on SSSD while "
+"enumeration is running. It may take up to several minutes after SSSD startup"
+" to fully complete enumerations. During this time, individual requests for "
+"information will go directly to LDAP, though it may be slow, due to the "
+"heavy enumeration processing."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:556
+msgid ""
+"While the first enumeration is running, requests for the complete user or "
+"group lists may return no results until it completes."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:561
+msgid ""
+"Further, enabling enumeration may increase the time necessary to detect "
+"network disconnection, as longer timeouts are required to ensure that "
+"enumeration lookups are completed successfully. For more information, refer"
+" to the man pages for the specific id_provider in use."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:572
+msgid "entry_cache_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:575
+msgid ""
+"How many seconds should nss_sss consider entries valid before asking the "
+"backend again"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:579
+msgid "Default: 5400"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:584
+msgid "cache_credentials (bool)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:587
+msgid "Determines if user credentials are also cached in the local LDB cache"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:596
+msgid "account_cache_expiration (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:599
+msgid ""
+"Number of days entries are left in cache after last successful login before "
+"being removed during a cleanup of the cache. 0 means keep forever. The "
+"value of this parameter must be greater than or equal to "
+"offline_credentials_expiration."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:606
+msgid "Default: 0 (unlimited)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:612
+msgid "id_provider (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:615
+msgid "The Data Provider identity backend to use for this domain."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:619
+msgid "Supported backends:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:622
+msgid "proxy: Support a legacy NSS provider"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:625
+msgid "local: SSSD internal local provider"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:628
+msgid "ldap: LDAP provider"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:634
+msgid "use_fully_qualified_names (bool)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:637
+msgid ""
+"If set to TRUE, all requests to this domain must use fully qualified names. "
+"For example, if used in LOCAL domain that contains a \"test\" user, "
+"<command>getent passwd test</command> wouldn't find the user while "
+"<command>getent passwd test@LOCAL</command> would."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:650
+msgid "auth_provider (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:653
+msgid ""
+"The authentication provider used for the domain. Supported auth providers "
+"are:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:657
+msgid ""
+"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> for more information on configuring LDAP."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:664
+msgid ""
+"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:671
+msgid ""
+"<quote>proxy</quote> for relaying authentication to some other PAM target."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:674
+msgid "<quote>none</quote> disables authentication explicitly."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:677
+msgid ""
+"Default: <quote>id_provider</quote> is used if it is set and can handle "
+"authentication requests."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:683
+msgid "access_provider (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:686
+msgid ""
+"The access control provider used for the domain. There are two built-in "
+"access providers (in addition to any included in installed backends) "
+"Internal special providers are:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:692
+msgid "<quote>permit</quote> always allow access."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:695
+msgid "<quote>deny</quote> always deny access."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:698
+msgid ""
+"<quote>simple</quote> access control based on access or deny lists. See "
+"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> for more information on configuring "
+"the simple access module."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:705
+msgid "Default: <quote>permit</quote>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:710
+msgid "chpass_provider (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:713
+msgid ""
+"The provider which should handle change password operations for the domain."
+" Supported change password providers are:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:718
+msgid ""
+"<quote>ipa</quote> to change a password stored in an IPA server. See "
+"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring"
+" IPA."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:726
+msgid ""
+"<quote>ldap</quote> to change a password stored in a LDAP server. See "
+"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring"
+" LDAP."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:734
+msgid ""
+"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
+"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> for more information on configuring Kerberos."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:742
+msgid ""
+"<quote>proxy</quote> for relaying password changes to some other PAM target."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:746
+msgid "<quote>none</quote> disallows password changes explicitly."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:749
+msgid ""
+"Default: <quote>auth_provider</quote> is used if it is set and can handle "
+"change password requests."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:756
+msgid "lookup_family_order (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:759
+msgid ""
+"Provides the ability to select preferred address family to use when "
+"performing DNS lookups."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:763
+msgid "Supported values:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:766
+msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:769
+msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:772
+msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:775
+msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:778
+msgid "Default: ipv4_first"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:784
+msgid "dns_resolver_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:787
+msgid ""
+"Defines the amount of time (in seconds) to wait for a reply from the DNS "
+"resolver before assuming that it is unreachable. If this timeout is reached,"
+" the domain will continue to operate in offline mode."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:799
+msgid "dns_discovery_domain (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:802
+msgid ""
+"If service discovery is used in the back end, specifies the domain part of "
+"the service discovery DNS query."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:806
+msgid "Default: Use the domain part of machine's hostname"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:490
+msgid ""
+"These configuration options can be present in a domain configuration "
+"section, that is, in a section called "
+"<quote>[domain/<replaceable>NAME</replaceable>]</quote> <placeholder "
+"type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:818
+msgid "proxy_pam_target (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:821
+msgid "The proxy target PAM proxies to."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:824
+msgid ""
+"Default: not set by default, you have to take an existing pam configuration "
+"or create a new one and add the service name here."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:832
+msgid "proxy_lib_name (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:835
+msgid ""
+"The name of the NSS library to use in proxy domains. The NSS functions "
+"searched for in the library are in the form of _nss_$(libName)_$(function), "
+"for example _nss_files_getpwent."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:814
+msgid ""
+"Options valid for proxy domains. <placeholder type=\"variablelist\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><title>
+#: sssd.conf.5.xml:847
+msgid "The local domain section"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><refsect2><para>
+#: sssd.conf.5.xml:849
+msgid ""
+"This section contains settings for domain that stores users and groups in "
+"SSSD native database, that is, a domain that uses "
+"<replaceable>id_provider=local</replaceable>."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:856
+msgid "default_shell (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:859
+msgid "The default shell for users created with SSSD userspace tools."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:863
+msgid "Default: <filename>/bin/bash</filename>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:868
+msgid "base_directory (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:871
+msgid ""
+"The tools append the login name to <replaceable>base_directory</replaceable>"
+" and use that as the home directory."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:876
+msgid "Default: <filename>/home</filename>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:881
+msgid "create_homedir (bool)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:884
+msgid ""
+"Indicate if a home directory should be created by default for new users. "
+"Can be overridden on command line."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:888 sssd.conf.5.xml:900
+msgid "Default: TRUE"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:893
+msgid "remove_homedir (bool)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:896
+msgid ""
+"Indicate if a home directory should be removed by default for deleted users."
+" Can be overridden on command line."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:905
+msgid "homedir_umask (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:908
+msgid ""
+"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
+"on a newly created home directory."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:916
+msgid "Default: 077"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:921
+msgid "skel_dir (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:924
+msgid ""
+"The skeleton directory, which contains files and directories to be copied in"
+" the user's home directory, when the home directory is created by "
+"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:934
+msgid "Default: <filename>/etc/skel</filename>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:939
+msgid "mail_dir (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:942
+msgid ""
+"The mail spool directory. This is needed to manipulate the mailbox when its "
+"corresponding user account is modified or deleted. If not specified, a "
+"default value is used."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:949
+msgid "Default: <filename>/var/mail</filename>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
+#: sssd.conf.5.xml:954
+msgid "userdel_cmd (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:957
+msgid ""
+"The command that is run after a user is removed. The command us passed the "
+"username of the user being removed as the first and only parameter. The "
+"return code of the command is not taken into account."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
+#: sssd.conf.5.xml:963
+msgid "Default: None, no command is run"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.conf.5.xml:973 sssd-ldap.5.xml:1357 sssd-simple.5.xml:126
+#: sssd-ipa.5.xml:173 sssd-krb5.5.xml:405
+msgid "EXAMPLE"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd.conf.5.xml:979
+#, no-wrap
+msgid ""
+"[sssd]\n"
+"domains = LDAP\n"
+"services = nss, pam\n"
+"config_file_version = 2\n"
+"\n"
+"[nss]\n"
+"filter_groups = root\n"
+"filter_users = root\n"
+"\n"
+"[pam]\n"
+"\n"
+"[domain/LDAP]\n"
+"id_provider = ldap\n"
+"ldap_uri = ldap://ldap.example.com\n"
+"ldap_search_base = dc=example,dc=com\n"
+"\n"
+"auth_provider = krb5\n"
+"krb5_server = kerberos.example.com\n"
+"krb5_realm = EXAMPLE.COM\n"
+"cache_credentials = true\n"
+"\n"
+"min_id = 10000\n"
+"max_id = 20000\n"
+"enumerate = False\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:975
+msgid ""
+"The following example shows a typical SSSD config. It does not describe "
+"configuration of the domains themselves - refer to documentation on "
+"configuring domains for more details. <placeholder type=\"programlisting\" "
+"id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.conf.5.xml:1010
+msgid ""
+"<citerefentry> <refentrytitle>sssd-"
+"ldap</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry>"
+" <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ldap.5.xml:10 sssd-ldap.5.xml:16
+msgid "sssd-ldap"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:23
+msgid ""
+"This manual page describes the configuration of LDAP domains for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax "
+"information."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:35
+msgid "You can configure SSSD to use more than one LDAP domain."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:38
+msgid ""
+"LDAP back end supports id, auth, access and chpass providers. If you want to"
+" authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
+"<command>sssd</command> <emphasis>does not</emphasis> support authentication"
+" over an unencrypted channel. If the LDAP server is used only as an "
+"identity provider, an encrypted channel is not needed. Please refer to "
+"<quote>ldap_access_filter</quote> config option for more information about "
+"using LDAP as an access provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:61
+#: sssd-krb5.5.xml:63
+msgid "CONFIGURATION OPTIONS"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:60
+msgid "ldap_uri (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:63
+msgid ""
+"Specifies the list of URIs of the LDAP servers to which SSSD should connect "
+"in the order of preference. Refer to the <quote>FAILOVER</quote> section for"
+" more information on failover and server redundancy. If not specified, "
+"service discovery is enabled. For more information, refer to the "
+"<quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:73
+msgid "ldap_chpass_uri (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:76
+msgid ""
+"Specifies the list of URIs of the LDAP servers to which SSSD should connect "
+"in the order of preference to change the password of a user. Refer to the "
+"<quote>FAILOVER</quote> section for more information on failover and server "
+"redundancy."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:83
+msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:87
+msgid "Default: empty, i.e. ldap_uri is used."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:93
+msgid "ldap_search_base (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:96
+msgid "The default base DN to use for performing LDAP user operations."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:100
+msgid ""
+"Default: If not set the value of the defaultNamingContext or namingContexts "
+"attribute from the RootDSE of the LDAP server is used. If "
+"defaultNamingContext does not exists or has an empty value namingContexts is"
+" used. The namingContexts attribute must have a single value with the DN of"
+" the search base of the LDAP server to make this work. Multiple values are "
+"are not supported."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:114
+msgid "ldap_schema (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:117
+msgid ""
+"Specifies the Schema Type in use on the target LDAP server. Depending on "
+"the selected schema, the default attribute names retrieved from the servers "
+"may vary. The way that some attributes are handled may also differ. Three "
+"schema types are currently supported: rfc2307 rfc2307bis IPA The main "
+"difference between these schema types is how group memberships are recorded "
+"in the server. With rfc2307, group members are listed by name in the "
+"<emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, group "
+"members are listed by DN and stored in the <emphasis>member</emphasis> "
+"attribute."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:136
+msgid "Default: rfc2307"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:142
+msgid "ldap_default_bind_dn (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:145
+msgid "The default bind DN to use for performing LDAP operations."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:152
+msgid "ldap_default_authtok_type (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:155
+msgid "The type of the authentication token of the default bind DN."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:159
+msgid "The two mechanisms currently supported are:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:162
+msgid "password"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:165
+msgid "obfuscated_password"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:171
+msgid "ldap_default_authtok (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:174
+msgid ""
+"The authentication token of the default bind DN. Only clear text passwords "
+"are currently supported."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:181
+msgid "ldap_user_object_class (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:184
+msgid "The object class of a user entry in LDAP."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:187
+msgid "Default: posixAccount"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:193
+msgid "ldap_user_name (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:196
+msgid "The LDAP attribute that corresponds to the user's login name."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:200
+msgid "Default: uid"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:206
+msgid "ldap_user_uid_number (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:209
+msgid "The LDAP attribute that corresponds to the user's id."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:213
+msgid "Default: uidNumber"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:219
+msgid "ldap_user_gid_number (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:222
+msgid "The LDAP attribute that corresponds to the user's primary group id."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:226 sssd-ldap.5.xml:622
+msgid "Default: gidNumber"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:232
+msgid "ldap_user_gecos (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:235
+msgid "The LDAP attribute that corresponds to the user's gecos field."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:239
+msgid "Default: gecos"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:245
+msgid "ldap_user_home_directory (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:248
+msgid ""
+"The LDAP attribute that contains the name of the user's home directory."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:252
+msgid "Default: homeDirectory"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:258
+msgid "ldap_user_shell (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:261
+msgid "The LDAP attribute that contains the path to the user's default shell."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:265
+msgid "Default: loginShell"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:271
+msgid "ldap_user_uuid (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:274
+msgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:278 sssd-ldap.5.xml:648 sssd-ldap.5.xml:741
+msgid "Default: nsUniqueId"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:284
+msgid "ldap_user_modify_timestamp (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:287 sssd-ldap.5.xml:657 sssd-ldap.5.xml:750
+msgid ""
+"The LDAP attribute that contains timestamp of the last modification of the "
+"parent object."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:291 sssd-ldap.5.xml:661 sssd-ldap.5.xml:754
+msgid "Default: modifyTimestamp"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:297
+msgid "ldap_user_shadow_last_change (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:300
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> counterpart (date of the last password change)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:310
+msgid "Default: shadowLastChange"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:316
+msgid "ldap_user_shadow_min (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:319
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> counterpart (minimum password age)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:328
+msgid "Default: shadowMin"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:334
+msgid "ldap_user_shadow_max (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:337
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> counterpart (maximum password age)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:346
+msgid "Default: shadowMax"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:352
+msgid "ldap_user_shadow_warning (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:355
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> counterpart (password warning period)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:365
+msgid "Default: shadowWarning"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:371
+msgid "ldap_user_shadow_inactive (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:374
+msgid ""
+"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
+"LDAP attribute corresponding to its <citerefentry> "
+"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> counterpart (password inactivity period)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:384
+msgid "Default: shadowInactive"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:390
+msgid "ldap_user_shadow_expire (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:393
+msgid ""
+"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this"
+" parameter contains the name of an LDAP attribute corresponding to its "
+"<citerefentry> <refentrytitle>shadow</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> counterpart (account expiration "
+"date)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:403
+msgid "Default: shadowExpire"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:409
+msgid "ldap_user_krb_last_pwd_change (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:412
+msgid ""
+"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of"
+" an LDAP attribute storing the date and time of last password change in "
+"kerberos."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:418
+msgid "Default: krbLastPwdChange"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:424
+msgid "ldap_user_krb_password_expiration (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:427
+msgid ""
+"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of"
+" an LDAP attribute storing the date and time when current password expires."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:433
+msgid "Default: krbPasswordExpiration"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:439
+msgid "ldap_user_ad_account_expires (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:442
+msgid ""
+"When using ldap_account_expire_policy=ad, this parameter contains the name "
+"of an LDAP attribute storing the expiration time of the account."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:447
+msgid "Default: accountExpires"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:453
+msgid "ldap_user_ad_user_account_control (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:456
+msgid ""
+"When using ldap_account_expire_policy=ad, this parameter contains the name "
+"of an LDAP attribute storing the user account control bit field."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:461
+msgid "Default: userAccountControl"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:467
+msgid "ldap_ns_account_lock (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:470
+msgid ""
+"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
+"determines if access is allowed or not."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:475
+msgid "Default: nsAccountLock"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:481
+msgid "ldap_user_principal (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:484
+msgid ""
+"The LDAP attribute that contains the user's Kerberos User Principal Name "
+"(UPN)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:488
+msgid "Default: krbPrincipalName"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:494
+msgid "ldap_force_upper_case_realm (boolean)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:497
+msgid ""
+"Some directory servers, for example Active Directory, might deliver the "
+"realm part of the UPN in lower case, which might cause the authentication to"
+" fail. Set this option to a non-zero value if you want to use an upper-case "
+"realm."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:504 sssd-ldap.5.xml:961 sssd-ipa.5.xml:115 sssd.8.xml:64
+#: sssd-krb5.5.xml:235 sssd-krb5.5.xml:266
+msgid "Default: false"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:510
+msgid "ldap_enumeration_refresh_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:513
+msgid ""
+"The LDAP attribute that contains how many seconds SSSD has to wait before "
+"refreshing its cache of enumerated records."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:518
+msgid "Default: 300"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:524
+msgid "ldap_purge_cache_timeout"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:527
+msgid ""
+"Determine how often to check the cache for inactive entries (such as groups "
+"with no members and users who have never logged in) and remove them to save "
+"space."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:533
+msgid "Setting this option to zero will disable the cache cleanup operation."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:537
+msgid "Default: 10800 (12 hours)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:543
+msgid "ldap_user_fullname (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:546
+msgid "The LDAP attribute that corresponds to the user's full name."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:550 sssd-ldap.5.xml:609 sssd-ldap.5.xml:702
+msgid "Default: cn"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:556
+msgid "ldap_user_member_of (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:559
+msgid "The LDAP attribute that lists the user's group memberships."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:563
+msgid "Default: memberOf"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:569
+msgid "ldap_user_authorized_service (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:572
+msgid ""
+"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
+"use the presence of the authorizedService attribute in the user's LDAP entry"
+" to determine access privilege."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:579
+msgid ""
+"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
+"explicit allow (svc) and finally for allow_all (*)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:584
+msgid "Default: authorizedService"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:590
+msgid "ldap_group_object_class (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:593
+msgid "The object class of a group entry in LDAP."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:596
+msgid "Default: posixGroup"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:602
+msgid "ldap_group_name (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:605
+msgid "The LDAP attribute that corresponds to the group name."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:615
+msgid "ldap_group_gid_number (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:618
+msgid "The LDAP attribute that corresponds to the group's id."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:628
+msgid "ldap_group_member (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:631
+msgid "The LDAP attribute that contains the names of the group's members."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:635
+msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:641
+msgid "ldap_group_uuid (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:644
+msgid ""
+"The LDAP attribute that contains the UUID/GUID of an LDAP group object."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:654
+msgid "ldap_group_modify_timestamp (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:667
+msgid "ldap_group_nesting_level (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:670
+msgid ""
+"If ldap_schema is set to a schema format that supports nested groups (e.g. "
+"RFC2307bis), then this option controls how many levels of nesting SSSD will "
+"follow. This option has no effect on the RFC2307 schema."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:677
+msgid "Default: 2"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:683
+msgid "ldap_netgroup_object_class (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:686
+msgid "The object class of a netgroup entry in LDAP."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:689
+msgid "Default: nisNetgroup"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:695
+msgid "ldap_netgroup_name (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:698
+msgid "The LDAP attribute that corresponds to the netgroup name."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:708
+msgid "ldap_netgroup_member (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:711
+msgid "The LDAP attribute that contains the names of the netgroup's members."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:715
+msgid "Default: memberNisNetgroup"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:721
+msgid "ldap_netgroup_triple (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:724
+msgid ""
+"The LDAP attribute that contains the (host, user, domain) netgroup triples."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:728
+msgid "Default: nisNetgroupTriple"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:734
+msgid "ldap_netgroup_uuid (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:737
+msgid ""
+"The LDAP attribute that contains the UUID/GUID of an LDAP netgroup object."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:747
+msgid "ldap_netgroup_modify_timestamp (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:760
+msgid "ldap_search_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:763
+msgid ""
+"Specifies the timeout (in seconds) that ldap searches are allowed to run "
+"before they are cancelled and cached results are returned (and offline mode "
+"is entered)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:769
+msgid ""
+"Note: this option is subject to change in future versions of the SSSD. It "
+"will likely be replaced at some point by a series of timeouts for specific "
+"lookup types."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:775 sssd-ldap.5.xml:817 sssd-ldap.5.xml:832
+msgid "Default: 6"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:781
+msgid "ldap_enumeration_search_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:784
+msgid ""
+"Specifies the timeout (in seconds) that ldap searches for user and group "
+"enumerations are allowed to run before they are cancelled and cached results"
+" are returned (and offline mode is entered)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:791
+msgid "Default: 60"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:797
+msgid "ldap_network_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:800
+msgid ""
+"Specifies the timeout (in seconds) after which the <citerefentry> "
+"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> "
+"</citerefentry>/<citerefentry> <refentrytitle>select</refentrytitle> "
+"<manvolnum>2</manvolnum> </citerefentry> following a <citerefentry> "
+"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> "
+"</citerefentry> returns in case of no activity."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:823
+msgid "ldap_opt_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:826
+msgid ""
+"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
+"will abort if no response is received. Also controls the timeout when "
+"communicating with the KDC in case of SASL bind."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:838
+msgid "ldap_tls_reqcert (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:841
+msgid ""
+"Specifies what checks to perform on server certificates in a TLS session, if"
+" any. It can be specified as one of the following values:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:847
+msgid ""
+"<emphasis>never</emphasis> = The client will not request or check any server"
+" certificate."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:851
+msgid ""
+"<emphasis>allow</emphasis> = The server certificate is requested. If no "
+"certificate is provided, the session proceeds normally. If a bad certificate"
+" is provided, it will be ignored and the session proceeds normally."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:858
+msgid ""
+"<emphasis>try</emphasis> = The server certificate is requested. If no "
+"certificate is provided, the session proceeds normally. If a bad certificate"
+" is provided, the session is immediately terminated."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:864
+msgid ""
+"<emphasis>demand</emphasis> = The server certificate is requested. If no "
+"certificate is provided, or a bad certificate is provided, the session is "
+"immediately terminated."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:870
+msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:874
+msgid "Default: hard"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:880
+msgid "ldap_tls_cacert (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:883
+msgid ""
+"Specifies the file that contains certificates for all of the Certificate "
+"Authorities that <command>sssd</command> will recognize."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:888 sssd-ldap.5.xml:906 sssd-ldap.5.xml:947
+msgid ""
+"Default: use OpenLDAP defaults, typically in "
+"<filename>/etc/openldap/ldap.conf</filename>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:895
+msgid "ldap_tls_cacertdir (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:898
+msgid ""
+"Specifies the path of a directory that contains Certificate Authority "
+"certificates in separate individual files. Typically the file names need to "
+"be the hash of the certificate followed by '.0'. If available, "
+"<command>cacertdir_rehash</command> can be used to create the correct names."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:913
+msgid "ldap_tls_cert (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:916
+msgid "Specifies the file that contains the certificate for the client's key."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:920 sssd-ldap.5.xml:932 sssd-krb5.5.xml:356
+msgid "Default: not set"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:926
+msgid "ldap_tls_key (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:929
+msgid "Specifies the file that contains the client's key."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:938
+msgid "ldap_tls_cipher_suite (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:941
+msgid ""
+"Specifies acceptable cipher suites. Typically this is a colon sperated "
+"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> for format."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:954
+msgid "ldap_id_use_start_tls (boolean)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:957
+msgid ""
+"Specifies that the id_provider connection must also use <systemitem "
+"class=\"protocol\">tls</systemitem> to protect the channel."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:967
+msgid "ldap_sasl_mech (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:970
+msgid ""
+"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
+"supported."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:974 sssd-ldap.5.xml:1102
+msgid "Default: none"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:980
+msgid "ldap_sasl_authid (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:983
+msgid ""
+"Specify the SASL authorization id to use. When GSSAPI is used, this "
+"represents the Kerberos principal used for authentication to the directory."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:988
+msgid "Default: host/machine.fqdn@REALM"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:994
+msgid "ldap_krb5_keytab (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:997
+msgid "Specify the keytab to use when using SASL/GSSAPI."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1000
+msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1006
+msgid "ldap_krb5_init_creds (boolean)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1009
+msgid ""
+"Specifies that the id_provider should init Kerberos credentials (TGT). This"
+" action is performed only if SASL is used and the mechanism selected is "
+"GSSAPI."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1021
+msgid "ldap_krb5_ticket_lifetime (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1024
+msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1028
+msgid "Default: 86400 (24 hours)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1034 sssd-krb5.5.xml:74
+msgid "krb5_server (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1037 sssd-krb5.5.xml:77
+msgid ""
+"Specifies the list of IP addresses or hostnames of the Kerberos servers to "
+"which SSSD should connect in the order of preference. For more information "
+"on failover and server redundancy, see the <quote>FAILOVER</quote> section. "
+"An optional port number (preceded by a colon) may be appended to the "
+"addresses or hostnames. If empty, service discovery is enabled - for more "
+"information, refer to the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1049 sssd-krb5.5.xml:89
+msgid ""
+"When using service discovery for KDC or kpasswd servers, SSSD first searches"
+" for DNS entries that specify _udp as the protocol and falls back to _tcp if"
+" none are found."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1054 sssd-krb5.5.xml:94
+msgid ""
+"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD."
+" While the legacy name is recognized for the time being, users are advised "
+"to migrate their config files to use <quote>krb5_server</quote> instead."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1063 sssd-krb5.5.xml:103
+msgid "krb5_realm (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1066
+msgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1069
+msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1075
+msgid "ldap_pwd_policy (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1078
+msgid ""
+"Select the policy to evaluate the password expiration on the client side. "
+"The following values are allowed:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1083
+msgid ""
+"<emphasis>none</emphasis> - No evaluation on the client side. This option "
+"cannot disable server-side password policies."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1088
+msgid ""
+"<emphasis>shadow</emphasis> - Use "
+"<citerefentry><refentrytitle>shadow</refentrytitle> "
+"<manvolnum>5</manvolnum></citerefentry> style attributes to evaluate if the "
+"password has expired. Note that the current version of sssd cannot update "
+"this attribute during a password change."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1096
+msgid ""
+"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
+"to determine if the password has expired. Use chpass_provider=krb5 to update"
+" these attributes when the password is changed."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1108
+msgid "ldap_referrals (boolean)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1111
+msgid "Specifies whether automatic referral chasing should be enabled."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1115
+msgid ""
+"Please note that sssd only supports referral chasing when it is compiled "
+"with OpenLDAP version 2.4.13 or higher."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1126
+msgid "ldap_dns_service_name (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1129
+msgid "Specifies the service name to use when service discovery is enabled."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1133
+msgid "Default: ldap"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1139
+msgid "ldap_chpass_dns_service_name (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1142
+msgid ""
+"Specifies the service name to use to find an LDAP server which allows "
+"password changes when service discovery is enabled."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1147
+msgid "Default: not set, i.e. service discovery is disabled"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1153
+msgid "ldap_access_filter (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1156
+msgid ""
+"If using access_provider = ldap, this option is mandatory. It specifies an "
+"LDAP search filter criteria that must be met for the user to be granted "
+"access on this host. If access_provider = ldap and this option is not set, "
+"it will result in all users being denied access. Use access_provider = allow"
+" to change this default behavior."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1166
+msgid "Example:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
+#: sssd-ldap.5.xml:1169
+#, no-wrap
+msgid ""
+"access_provider = ldap\n"
+"ldap_access_filter = memberOf=cn=allowedusers,ou=Groups,dc=example,dc=com\n"
+" "
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1173
+msgid ""
+"This example means that access to this host is restricted to members of the "
+"\"allowedusers\" group in ldap."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1178
+msgid ""
+"Offline caching for this feature is limited to determining whether the "
+"user's last online login was granted access permission. If they were granted"
+" access during their last login, they will continue to be granted access "
+"while offline and vice-versa."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1186 sssd-ldap.5.xml:1227
+msgid "Default: Empty"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1192
+msgid "ldap_account_expire_policy (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1195
+msgid ""
+"With this option a client side evaluation of access control attributes can "
+"be enabled."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1199
+msgid ""
+"Please note that it is always recommended to use server side access control,"
+" i.e. the LDAP server should deny the bind request with a suitable error "
+"code even if the password is correct."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1206
+msgid "The following values are allowed:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1209
+msgid ""
+"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
+"determine if the account is expired."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1214
+msgid ""
+"<emphasis>ad</emphasis>: use the value of the 32bit field "
+"ldap_user_ad_user_account_control and allow access if the second bit is not "
+"set. If the attribute is missing access is granted. Also the expiration time"
+" of the account is checked."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1221
+msgid ""
+"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, "
+"<emphasis>389ds</emphasis>: use the value of ldap_ns_account_lock to check "
+"if access is allowed or not."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1233
+msgid "ldap_access_order (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1236
+msgid "Comma separated list of access control options. Allowed values are:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1240
+msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1243
+msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1247
+msgid ""
+"<emphasis>authorized_service</emphasis>: use the authorizedService attribute"
+" to determine access"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1252
+msgid "Default: filter"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1255
+msgid ""
+"Please note that it is a configuration error if a value is used more than "
+"once."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1262
+msgid "ldap_deref (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1265
+msgid ""
+"Specifies how alias dereferencing is done when performing a search. The "
+"following options are allowed:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1270
+msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1274
+msgid ""
+"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
+"the base object, but not in locating the base object of the search."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1279
+msgid ""
+"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
+"the base object of the search."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1284
+msgid ""
+"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
+"in locating the base object of the search."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1289
+msgid ""
+"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
+"client libraries)"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:51
+msgid ""
+"All of the common configuration options that apply to SSSD domains also "
+"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
+"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page for full details. "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:1301
+msgid "ADVANCED OPTIONS"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1308
+msgid "ldap_netgroup_search_base (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1311
+msgid ""
+"An optional base DN to restrict netgroup searches to a specific subtree."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1315 sssd-ldap.5.xml:1329 sssd-ldap.5.xml:1343
+msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1322
+msgid "ldap_user_search_base (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1325
+msgid "An optional base DN to restrict user searches to a specific subtree."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ldap.5.xml:1336
+msgid "ldap_group_search_base (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ldap.5.xml:1339
+msgid "An optional base DN to restrict group searches to a specific subtree."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1303
+msgid ""
+"These options are supported by LDAP domains, but they should be used with "
+"caution. Please include them in your configuration only if you know what you"
+" are doing. <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1359
+msgid ""
+"The following example assumes that SSSD is correctly configured and LDAP is "
+"set to one of the domains in the <replaceable>[domains]</replaceable> "
+"section."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ldap.5.xml:1365
+#, no-wrap
+msgid ""
+" [domain/LDAP]\n"
+" id_provider = ldap\n"
+" auth_provider = ldap\n"
+" ldap_uri = ldap://ldap.mydomain.org\n"
+" ldap_search_base = dc=mydomain,dc=org\n"
+" ldap_tls_reqcert = demand\n"
+" cache_credentials = true\n"
+" enumerate = true\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1364 sssd-simple.5.xml:134 sssd-ipa.5.xml:181
+#: sssd-krb5.5.xml:414
+msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd-ldap.5.xml:1378 sssd_krb5_locator_plugin.8.xml:61
+msgid "NOTES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1380
+msgid ""
+"The descriptions of some of the configuration options in this manual page "
+"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
+"distribution."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ldap.5.xml:1391
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> <refentrytitle>sssd-"
+"krb5</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry>"
+" <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <refentryinfo>
+#: pam_sss.8.xml:8 include/upstream.xml:2
+msgid ""
+"<productname>SSSD</productname> <orgname>The SSSD upstream - "
+"http://fedorahosted.org/sssd</orgname>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: pam_sss.8.xml:13 pam_sss.8.xml:18
+msgid "pam_sss"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: pam_sss.8.xml:19
+msgid "PAM module for SSSD"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: pam_sss.8.xml:24
+msgid ""
+"<command>pam_sss.so</command> <arg choice='opt'> "
+"<replaceable>forward_pass</replaceable> </arg> <arg choice='opt'> "
+"<replaceable>use_first_pass</replaceable> </arg> <arg choice='opt'> "
+"<replaceable>use_authtok</replaceable> </arg> <arg choice='opt'> "
+"<replaceable>retry=N</replaceable> </arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:42
+msgid ""
+"<command>pam_sss.so</command> is the PAM interface to the System Security "
+"Services daemon (SSSD). Errors and results are logged through "
+"<command>syslog(3)</command> with the LOG_AUTHPRIV facility."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:52
+msgid "<option>forward_pass</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:55
+msgid ""
+"If <option>forward_pass</option> is set the entered password is put on the "
+"stack for other PAM modules to use."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:62
+msgid "<option>use_first_pass</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:65
+msgid ""
+"The argument use_first_pass forces the module to use a previous stacked "
+"modules password and will never prompt the user - if no password is "
+"available or the password is not appropriate, the user will be denied "
+"access."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:73
+msgid "<option>use_authtok</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:76
+msgid ""
+"When password changing enforce the module to set the new password to the one"
+" provided by a previously stacked password module."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: pam_sss.8.xml:83
+msgid "<option>retry=N</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:86
+msgid ""
+"If specified the user is asked another N times for a password if "
+"authentication fails. Default is 0."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: pam_sss.8.xml:88
+msgid ""
+"Please note that this option might not work as expected if the application "
+"calling PAM handles the user dialog on its own. A typical example is "
+"<command>sshd</command> with <option>PasswordAuthentication</option>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: pam_sss.8.xml:99
+msgid "MODULE TYPES PROVIDED"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:100
+msgid ""
+"All module types (<option>account</option>, <option>auth</option>, "
+"<option>password</option> and <option>session</option>) are provided."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: pam_sss.8.xml:106
+msgid "FILES"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:107
+msgid ""
+"If a password reset by root fails, because the corresponding SSSD provider "
+"does not support password resets, an individual message can be displayed. "
+"This message can e.g. contain instructions about how to reset a password."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:112
+msgid ""
+"The message is read from the file "
+"<filename>pam_sss_pw_reset_message.LOC</filename> where LOC stands for a "
+"locale string returned by <citerefentry> "
+"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> "
+"</citerefentry>. If there is no matching file the content of "
+"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be"
+" the owner of the files and only root may have read and write permissions "
+"while all other users must have only read permisssions."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:122
+msgid ""
+"These files are searched in the directory "
+"<filename>/etc/sssd/customize/DOMAIN_NAME/</filename>. If no matching file "
+"is present a generic message is displayed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: pam_sss.8.xml:130
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
+msgid "sssd_krb5_locator_plugin"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:22
+msgid ""
+"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
+"used by the Kerberos provider of <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry>"
+" to tell the Kerberos libraries what Realm and which KDC to use. Typically "
+"this is done in <citerefentry> <refentrytitle>krb5.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> which is always read by the "
+"Kerberos libraries. To simplyfy the configuration the Realm and the KDC can "
+"be defined in <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> as described in <citerefentry> "
+"<refentrytitle>sssd-krb5.conf</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:48
+msgid ""
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry> puts the Realm and the name or IP address of the KDC into "
+"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
+"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
+"libraries it reads and evaluates these variable and returns them to the "
+"libraries."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:63
+msgid ""
+"Not all Kerberos implementations support the use of plugins. If "
+"<command>sssd_krb5_locator_plugin</command> is not available on your system "
+"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:69
+msgid ""
+"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
+"debug messages will be sent to stderr."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd_krb5_locator_plugin.8.xml:77
+msgid ""
+"<citerefentry> <refentrytitle>sssd-"
+"krb5</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry>"
+" <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-simple.5.xml:10 sssd-simple.5.xml:16
+msgid "sssd-simple"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd-simple.5.xml:17
+msgid "the configuration file for SSSD's 'simple' access-control provider"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:24
+msgid ""
+"This manual page describes the configuration of the simple access-control "
+"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
+"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, "
+"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:38
+msgid ""
+"The simple access provider grants or denies access based on an access or "
+"deny list of user or group names. The following rules apply:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:43
+msgid "If all lists are empty, access is granted"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:47
+msgid ""
+"If any list is provided, the order of evaluation is allow,deny. This means "
+"that any matching deny rule will supersede any matched allow rule."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:54
+msgid ""
+"If either or both \"allow\" lists are provided, all users are denied unless "
+"they appear in the list."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><itemizedlist><listitem><para>
+#: sssd-simple.5.xml:60
+msgid ""
+"If only \"deny\" lists are provided, all users are granted access unless "
+"they appear in the list."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:78
+msgid "simple_allow_users (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:81
+msgid "Comma separated list of users who are allowed to log in."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:88
+msgid "simple_deny_users (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:91
+msgid "Comma separated list of users who are explicitly denied access."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:97
+msgid "simple_allow_groups (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:100
+msgid ""
+"Comma separated list of groups that are allowed to log in. This applies only"
+" to groups within this SSSD domain. Local groups are not evaluated."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-simple.5.xml:108
+msgid "simple_deny_groups (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-simple.5.xml:111
+msgid ""
+"Comma separated list of groups that are explicitly denied access. This "
+"applies only to groups within this SSSD domain. Local groups are not "
+"evaluated."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:70 sssd-ipa.5.xml:62
+msgid ""
+"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> manual page for details on the configuration of an SSSD "
+"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:120
+msgid ""
+"Please note that it is an configuration error if both, simple_allow_users "
+"and simple_deny_users, are defined."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:128
+msgid ""
+"The following example assumes that SSSD is correctly configured and "
+"example.com is one of the domains in the <replaceable>[sssd]</replaceable> "
+"section. This examples shows only the simple access provider-specific "
+"options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-simple.5.xml:135
+#, no-wrap
+msgid ""
+" [domain/example.com]\n"
+" access_provider = simple\n"
+" simple_allow_users = user1, user2\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-simple.5.xml:145
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-ipa.5.xml:10 sssd-ipa.5.xml:16
+msgid "sssd-ipa"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:23
+msgid ""
+"This manual page describes the configuration of the IPA provider for "
+"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
+"FORMAT</quote> section of the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:36
+msgid ""
+"The IPA provider is a back end used to connect to an IPA server. (Refer to "
+"the freeipa.org web site for information about IPA servers.) This provider "
+"requires that the machine be joined to the IPA domain; configuration is "
+"almost entirely self-discovered and obtained directly from the server."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:43
+msgid ""
+"The IPA provider accepts the same options used by the <citerefentry> "
+"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> identity provider and the <citerefentry> <refentrytitle"
+">sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> "
+"authentication provider. However, it is neither necessary nor recommended "
+"to set these options. IPA provider can also be used as an access and chpass"
+" provider. As an access provider it uses HBAC (host-based access control) "
+"rules. Please refer to freeipa.org for more information about HBAC. No "
+"configuration of access provider is required on the client side."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:69
+msgid "ipa_domain (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:72
+msgid ""
+"Specifies the name of the IPA domain. This is optional. If not provided, "
+"the configuration domain name is used."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:80
+msgid "ipa_server (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:83
+msgid ""
+"The list of IP addresses or hostnames of the IPA servers to which SSSD "
+"should connect in the order of preference. For more information on failover "
+"and server redundancy, see the <quote>FAILOVER</quote> section. This is "
+"optional if autodiscovery is enabled. For more information on service "
+"discovery, refer to the the <quote>SERVICE DISCOVERY</quote> section."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:96
+msgid "ipa_hostname (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:99
+msgid ""
+"Optional. May be set on machines where the hostname(5) does not reflect the "
+"fully qualified name used in the IPA domain to identify this host."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:107
+msgid "ipa_dyndns_update (boolean)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:110
+msgid ""
+"Optional. This option tells SSSD to automatically update the DNS server "
+"built into FreeIPA v2 with the IP address of this client."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:121
+msgid "ipa_dyndns_iface (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:124
+msgid ""
+"Optional. Applicable only when ipa_dyndns_update is true. Choose the "
+"interface whose IP address should be used for dynamic DNS updates."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:129
+msgid "Default: Use the IP address of the IPA LDAP connection"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:135
+msgid "ipa_hbac_search_base (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:138
+msgid ""
+"Optional. Use the given string as search base for HBAC related objects."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:142
+msgid "Default: Use base DN"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-ipa.5.xml:148 sssd-krb5.5.xml:229
+msgid "krb5_validate (boolean)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:151 sssd-krb5.5.xml:232
+msgid ""
+"Verify with the help of krb5_keytab that the TGT obtained has not been "
+"spoofed."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-ipa.5.xml:158
+msgid ""
+"Note that this default differs from the traditional Kerberos provider back "
+"end."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:175
+msgid ""
+"The following example assumes that SSSD is correctly configured and "
+"example.com is one of the domains in the <replaceable>[sssd]</replaceable> "
+"section. This examples shows only the ipa provider-specific options."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-ipa.5.xml:182
+#, no-wrap
+msgid ""
+" [domain/example.com]\n"
+" id_provider = ipa\n"
+" ipa_server = ipaserver.example.com\n"
+" ipa_hostname = myhost.example.com\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-ipa.5.xml:193
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> <refentrytitle>sssd-"
+"ldap</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry>"
+" <refentrytitle>sssd-krb5</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd.8.xml:10 sssd.8.xml:15
+msgid "sssd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sssd.8.xml:16
+msgid "System Security Services Daemon"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sssd.8.xml:21
+msgid ""
+"<command>sssd</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:31
+msgid ""
+"<command>SSSD</command> provides a set of daemons to manage access to remote"
+" directories and authentication mechanisms. It provides an NSS and PAM "
+"interface toward the system and a pluggable backend system to connect to "
+"multiple different account sources as well as D-Bus interface. It is also "
+"the basis to provide client auditing and policy services for projects like "
+"FreeIPA. It provides a more robust database to store local users as well as "
+"extended user data."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:46
+msgid ""
+"<option>-d</option>,<option>--debug-level</option> "
+"<replaceable>LEVEL</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:51
+msgid ""
+"Debug level to run the daemon with. 0 is the default as well as the lowest "
+"allowed value, 10 is the most verbose mode. This setting overrides the "
+"settings from config file. This parameter implies <option>-i</option>."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:70
+msgid "<option>-f</option>,<option>--debug-to-files</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:74
+msgid ""
+"Send the debug output to files instead of stderr. By default, the log files "
+"are stored in <filename>/var/log/sssd</filename> and there are separate log "
+"files for every SSSD service and domain."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:82
+msgid "<option>-D</option>,<option>--daemon</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:86
+msgid "Become a daemon after starting up."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:92
+msgid "<option>-i</option>,<option>--interactive</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:96
+msgid "Run in the foreground, don't become a daemon."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:102
+msgid "<option>-c</option>,<option>--config</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:106
+msgid ""
+"Specify a non-default config file. The default is "
+"<filename>/etc/sssd/sssd.conf</filename>. For reference on the config file "
+"syntax and options, consult the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> manual page."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><title>
+#: sssd.8.xml:122
+msgid "Signals"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:125
+msgid "SIGTERM/SIGINT"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:128
+msgid ""
+"Informs the SSSD to gracefully terminate all of its child processes and then"
+" shut down the monitor."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:134
+msgid "SIGHUP"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:137
+msgid ""
+"Tells the SSSD to stop writing to its current debug file descriptors and to "
+"close and reopen them. This is meant to facilitate log rolling with programs"
+" like logrotate."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:145
+msgid "SIGUSR1"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:148
+msgid ""
+"Tells the SSSD to simulate offline operation for one minute. This is mostly "
+"useful for testing purposes."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sssd.8.xml:154
+msgid "SIGUSR2"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sssd.8.xml:157
+msgid ""
+"Tells the SSSD to go online immediately. This is mostly useful for testing "
+"purposes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd.8.xml:168
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
+msgid "sss_obfuscate"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_obfuscate.8.xml:16
+msgid "obfuscate a clear text password"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_obfuscate.8.xml:21
+msgid ""
+"<command>sss_obfuscate</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>[PASSWORD]</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_obfuscate.8.xml:32
+msgid ""
+"<command>sss_obfuscate</command> converts a given password into human-"
+"unreadable format and places it into appropriate domain section of the SSSD "
+"config file."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_obfuscate.8.xml:37
+msgid ""
+"The cleartext password can be specified as an argument to the program, read "
+"from standard input or entered interactively. The obfuscated password is "
+"put into <quote>ldap_default_authtok</quote> parameter of a given SSSD "
+"domain and the <quote>ldap_default_authtok_type</quote> parameter is set to "
+"<quote>obfuscated_password</quote>. Refer to <citerefentry> <refentrytitle"
+">sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more"
+" details on these parameters."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_obfuscate.8.xml:50
+msgid ""
+"Please note that obfuscating the password provides <emphasis>no real "
+"security benefit</emphasis> as it is still possible for an attacker to "
+"reverse-engineer the password back. Using better authentication mechanisms "
+"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
+"advised."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_obfuscate.8.xml:64
+msgid "<option>-s</option>,<option>--stdin</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:68
+msgid "The password to obfuscate will be read from standard input."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_obfuscate.8.xml:75
+msgid ""
+"<option>-d</option>,<option>--domain</option> "
+"<replaceable>DOMAIN</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:80
+msgid ""
+"The SSSD domain to use the password in. The default name is "
+"<quote>default</quote>."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_obfuscate.8.xml:87
+msgid ""
+"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:92
+msgid "Read the config file specified by the positional parameter."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_obfuscate.8.xml:96
+msgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_obfuscate.8.xml:106
+msgid ""
+"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_useradd.8.xml:10 sss_useradd.8.xml:15
+msgid "sss_useradd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_useradd.8.xml:16
+msgid "create a new user"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_useradd.8.xml:21
+msgid ""
+"<command>sss_useradd</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>LOGIN</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_useradd.8.xml:32
+msgid ""
+"<command>sss_useradd</command> creates a new user account using the values "
+"specified on the command line plus the default values from the system."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:43
+msgid ""
+"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:48
+msgid ""
+"Set the UID of the user to the value of <replaceable>UID</replaceable>. If "
+"not given, it is chosen automatically."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:55 sss_usermod.8.xml:43
+msgid ""
+"<option>-c</option>,<option>--gecos</option> "
+"<replaceable>COMMENT</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:60 sss_usermod.8.xml:48
+msgid ""
+"Any text string describing the user. Often used as the field for the user's "
+"full name."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:67 sss_usermod.8.xml:55
+msgid ""
+"<option>-h</option>,<option>--home</option> "
+"<replaceable>HOME_DIR</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:72
+msgid ""
+"The home directory of the user account. The default is to append the "
+"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
+"that as the home directory. The base that is prepended before "
+"<replaceable>LOGIN</replaceable> is tunable with "
+"<quote>user_defaults/baseDirectory</quote> setting in sssd.conf."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:82 sss_usermod.8.xml:66
+msgid ""
+"<option>-s</option>,<option>--shell</option> "
+"<replaceable>SHELL</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:87
+msgid ""
+"The user's login shell. The default is currently "
+"<filename>/bin/bash</filename>. The default can be changed with "
+"<quote>user_defaults/defaultShell</quote> setting in sssd.conf."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:96
+msgid ""
+"<option>-G</option>,<option>--groups</option> "
+"<replaceable>GROUPS</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:101
+msgid "A list of existing groups this user is also a member of."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:107
+msgid "<option>-m</option>,<option>--create-home</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:111
+msgid ""
+"Create the user's home directory if it does not exist. The files and "
+"directories contained in the skeleton directory (which can be defined with "
+"the -k option or in the config file) will be copied to the home directory."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:121
+msgid "<option>-M</option>,<option>--no-create-home</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:125
+msgid ""
+"Do not create the user's home directory. Overrides configuration settings."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:132
+msgid ""
+"<option>-k</option>,<option>--skel</option> "
+"<replaceable>SKELDIR</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:137
+msgid ""
+"The skeleton directory, which contains files and directories to be copied in"
+" the user's home directory, when the home directory is created by "
+"<command>sss_useradd</command>."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:143
+msgid ""
+"This option is only valid if the <option>-m</option> (or <option>--create-"
+"home</option>) option is specified, or creation of home directories is set "
+"to TRUE in the configuration."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_useradd.8.xml:152 sss_usermod.8.xml:124
+msgid ""
+"<option>-Z</option>,<option>--selinux-user</option> "
+"<replaceable>SELINUX_USER</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_useradd.8.xml:157
+msgid ""
+"The SELinux user for the user's login. If not specified, the system default "
+"will be used."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_useradd.8.xml:169
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sssd-krb5.5.xml:10 sssd-krb5.5.xml:16
+msgid "sssd-krb5"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:23
+msgid ""
+"This manual page describes the configuration of the Kerberos 5 "
+"authentication backend for <citerefentry> "
+"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
+"</citerefentry>. For a detailed syntax reference, please refer to the "
+"<quote>FILE FORMAT</quote> section of the <citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> "
+"</citerefentry> manual page"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:36
+msgid ""
+"The Kerberos 5 authentication backend contains auth and chpass providers. It"
+" must be paired with identity provider in order to function properly (for "
+"example, id_provider = ldap). Some information required by the Kerberos 5 "
+"authentication backend must be provided by the identity provider, such as "
+"the user's Kerberos Principal Name (UPN). The configuration of the identity "
+"provider should have an entry to specify the UPN. Please refer to the man "
+"page for the applicable identity provider for details on how to configure "
+"this."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:47
+msgid ""
+"This backend also provides access control based on the .k5login file in the "
+"home directory of the user. See <citerefentry> "
+"<refentrytitle>.k5login</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry> for more details. Please note that an empty .k5login file "
+"will deny all access to this user. To activate this feature use "
+"'access_provider = krb5' in your sssd configuration."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:55
+msgid ""
+"In the case where the UPN is not available in the identity backend "
+"<command>sssd</command> will construct a UPN using the format "
+"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:106
+msgid ""
+"The name of the Kerberos realm. This option is required and must be "
+"specified."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:113
+msgid "krb5_kpasswd (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:116
+msgid ""
+"If the change password service is not running on the KDC alternative servers"
+" can be defined here. An optional port number (preceded by a colon) may be "
+"appended to the addresses or hostnames."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:122
+msgid ""
+"For more information on failover and server redundancy, see the "
+"<quote>FAILOVER</quote> section. Please note that even if there are no more"
+" kpasswd servers to try the back end is not switch to offline if "
+"authentication against the KDC is still possible."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:129
+msgid "Default: Use the KDC"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:135
+msgid "krb5_ccachedir (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:138
+msgid ""
+"Directory to store credential caches. All the substitution sequences of "
+"krb5_ccname_template can be used here, too, except %d and %P. If the "
+"directory does not exist it will be created. If %u, %U, %p or %h are used a "
+"private directory belonging to the user is created. Otherwise a public "
+"directory with restricted deletion flag (aka sticky bit, see <citerefentry> "
+"<refentrytitle>chmod</refentrytitle> <manvolnum>1</manvolnum> "
+"</citerefentry> for details) is created."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:151
+msgid "Default: /tmp"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:157
+msgid "krb5_ccname_template (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:166
+msgid "%u"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:167
+msgid "login name"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:170
+msgid "%U"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:171
+msgid "login UID"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:174
+msgid "%p"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:175
+msgid "principal name"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:179
+msgid "%r"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:180
+msgid "realm name"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:183
+msgid "%h"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:184
+msgid "home directory"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:188
+msgid "%d"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:189
+msgid "value of krb5ccache_dir"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:194
+msgid "%P"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:195
+msgid "the process ID of the sssd client"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:200
+msgid "%%"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:201
+msgid "a literal '%'"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:160
+msgid ""
+"Location of the user's credential cache. Currently only file based "
+"credential caches are supported. In the template the following sequences are"
+" substituted: <placeholder type=\"variablelist\" id=\"0\"/> If the template "
+"ends with 'XXXXXX' mkstemp(3) is used to create a unique filename in a safe "
+"way."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:209
+msgid "Default: FILE:%d/krb5cc_%U_XXXXXX"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:215
+msgid "krb5_auth_timeout (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:218
+msgid ""
+"Timeout in seconds after an online authentication or change password request"
+" is aborted. If possible the authentication request is continued offline."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:241
+msgid "krb5_keytab (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:244
+msgid ""
+"The location of the keytab to use when validating credentials obtained from "
+"KDCs."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:248
+msgid "Default: /etc/krb5.keytab"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:254
+msgid "krb5_store_password_if_offline (boolean)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:257
+msgid ""
+"Store the password of the user if the provider is offline and use it to "
+"request a TGT when the provider gets online again."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:262
+msgid ""
+"Please note that this feature currently only available on a Linux platform."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:272
+msgid "krb5_renewable_lifetime (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:275
+msgid ""
+"Request a renewable ticket with a total lifetime given by an integer "
+"immediately followed by one of the following delimiters:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:280 sssd-krb5.5.xml:316
+msgid "<emphasis>s</emphasis> seconds"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:283 sssd-krb5.5.xml:319
+msgid "<emphasis>m</emphasis> minutes"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:286 sssd-krb5.5.xml:322
+msgid "<emphasis>h</emphasis> hours"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:289 sssd-krb5.5.xml:325
+msgid "<emphasis>d</emphasis> days."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:292 sssd-krb5.5.xml:328
+msgid "If there is no delimiter <emphasis>s</emphasis> is assumed."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:296
+msgid ""
+"Please note that it is not possible to mix units. If you want to set the "
+"renewable lifetime to one and a half hours please use '90m' instead of "
+"'1h30m'."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:302
+msgid "Default: not set, i.e. the TGT is not renewable"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:308
+msgid "krb5_lifetime (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:311
+msgid ""
+"Request ticket with a with a lifetime given by an integer immediately "
+"followed by one of the following delimiters:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:332
+msgid ""
+"Please note that it is not possible to mix units. If you want to set the "
+"lifetime to one and a half hours please use '90m' instead of '1h30m'."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:337
+msgid ""
+"Default: not set, i.e. the default ticket lifetime configured on the KDC."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:344
+msgid "krb5_renew_interval (integer)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:347
+msgid ""
+"The time in seconds between two checks if the TGT should be renewed. TGTs "
+"are renewed if about half of their lifetime is exceeded."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:352
+msgid "If this option is not set or 0 the automatic renewal is disabled."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><term>
+#: sssd-krb5.5.xml:362
+msgid "krb5_use_fast (string)"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:365
+msgid ""
+"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
+"authentication. The following options are supported:"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:370
+msgid ""
+"<emphasis>never</emphasis> use FAST, this is equivalent to not set this "
+"option at all."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:374
+msgid ""
+"<emphasis>try</emphasis> to use FAST, if the server does not support fast "
+"continue without."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:378
+msgid ""
+"<emphasis>demand</emphasis> to use FAST, fail if the server does not require"
+" fast."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:382
+msgid "Default: not set, i.e. FAST is not used."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:385
+msgid "Please note that a keytab is required to use fast."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
+#: sssd-krb5.5.xml:388
+msgid ""
+"Please note also that sssd supports fast only with MIT Kerberos version 1.8 "
+"and above. If sssd used used with an older version using this option is a "
+"configuration error."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:65
+msgid ""
+"If the auth-module krb5 is used in a SSSD domain, the following options must"
+" be used. See the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page, section <quote>DOMAIN "
+"SECTIONS</quote> for details on the configuration of a SSSD domain. "
+"<placeholder type=\"variablelist\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:407
+msgid ""
+"The following example assumes that SSSD is correctly configured and FOO is "
+"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
+"example shows only configuration of Kerberos authentication, it does not "
+"include any identity provider."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para><programlisting>
+#: sssd-krb5.5.xml:415
+#, no-wrap
+msgid ""
+" [domain/FOO]\n"
+" auth_provider = krb5\n"
+" krb5_server = 192.168.1.1\n"
+" krb5_realm = EXAMPLE.COM\n"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sssd-krb5.5.xml:426
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sssd.conf</refentrytitle><manvolnum>5</manvolnum> "
+"</citerefentry>, <citerefentry> <refentrytitle>sssd-"
+"ldap</refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry>"
+" <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </citerefentry>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
+msgid "sss_groupadd"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_groupadd.8.xml:16
+msgid "create a new group"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_groupadd.8.xml:21
+msgid ""
+"<command>sss_groupadd</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>GROUP</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupadd.8.xml:32
+msgid ""
+"<command>sss_groupadd</command> creates a new group. These groups are "
+"compatible with POSIX groups, with the additional feature that they can "
+"contain other groups as members."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_groupadd.8.xml:43
+msgid ""
+"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_groupadd.8.xml:48
+msgid ""
+"Set the GID of the group to the value of <replaceable>GID</replaceable>. If"
+" not given, it is chosen automatically."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupadd.8.xml:60
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_userdel.8.xml:10 sss_userdel.8.xml:15
+msgid "sss_userdel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_userdel.8.xml:16
+msgid "delete a user account"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_userdel.8.xml:21
+msgid ""
+"<command>sss_userdel</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>LOGIN</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_userdel.8.xml:32
+msgid ""
+"<command>sss_userdel</command> deletes a user identified by login name "
+"<replaceable>LOGIN</replaceable> from the system."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_userdel.8.xml:44
+msgid "<option>-r</option>,<option>--remove</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_userdel.8.xml:48
+msgid ""
+"Files in the user's home directory will be removed along with the home "
+"directory itself and the user's mail spool. Overrides the configuration."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_userdel.8.xml:56
+msgid "<option>-R</option>,<option>--no-remove</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_userdel.8.xml:60
+msgid ""
+"Files in the user's home directory will NOT be removed along with the home "
+"directory itself and the user's mail spool. Overrides the configuration."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_userdel.8.xml:68
+msgid "<option>-f</option>,<option>--force</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_userdel.8.xml:72
+msgid ""
+"This option forces <command>sss_userdel</command> to remove the user's home "
+"directory and mail spool, even if they are not owned by the specified user."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_userdel.8.xml:80
+msgid "<option>-k</option>,<option>--kick</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_userdel.8.xml:84
+msgid "Before actually deleting the user, terminate all his processes."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_userdel.8.xml:95
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
+msgid "sss_groupdel"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_groupdel.8.xml:16
+msgid "delete a group"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_groupdel.8.xml:21
+msgid ""
+"<command>sss_groupdel</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>GROUP</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupdel.8.xml:32
+msgid ""
+"<command>sss_groupdel</command> deletes a group identified by its name "
+"<replaceable>GROUP</replaceable> from the system."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupdel.8.xml:48
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
+msgid "sss_groupshow"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_groupshow.8.xml:16
+msgid "print properties of a group"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_groupshow.8.xml:21
+msgid ""
+"<command>sss_groupshow</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>GROUP</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupshow.8.xml:32
+msgid ""
+"<command>sss_groupshow</command> displays information about a group "
+"identified by its name <replaceable>GROUP</replaceable>. The information "
+"includes the group ID number, members of the group and the parent group."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_groupshow.8.xml:43
+msgid "<option>-R</option>,<option>--recursive</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_groupshow.8.xml:47
+msgid ""
+"Also print indirect group members in a tree-like hierarchy. Note that this "
+"also affects printing parent groups - without <option>R</option>, only the "
+"direct parent will be printed."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_groupshow.8.xml:60
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refname>
+#: sss_usermod.8.xml:10 sss_usermod.8.xml:15
+msgid "sss_usermod"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refnamediv><refpurpose>
+#: sss_usermod.8.xml:16
+msgid "modify a user account"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
+#: sss_usermod.8.xml:21
+msgid ""
+"<command>sss_usermod</command> <arg choice='opt'> "
+"<replaceable>options</replaceable> </arg> <arg "
+"choice='plain'><replaceable>LOGIN</replaceable></arg>"
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_usermod.8.xml:32
+msgid ""
+"<command>sss_usermod</command> modifies the account specified by "
+"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
+"on the command line."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:60
+msgid "The home directory of the user account."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:71
+msgid "The user's login shell."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:82
+msgid ""
+"Append this user to groups specified by the "
+"<replaceable>GROUPS</replaceable> parameter. The "
+"<replaceable>GROUPS</replaceable> parameter is a comma separated list of "
+"group names."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:96
+msgid ""
+"Remove this user from groups specified by the "
+"<replaceable>GROUPS</replaceable> parameter."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_usermod.8.xml:103
+msgid "<option>-l</option>,<option>--lock</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:107
+msgid "Lock the user account. The user won't be able to log in."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><term>
+#: sss_usermod.8.xml:114
+msgid "<option>-u</option>,<option>--unlock</option>"
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:118
+msgid "Unlock the user account."
+msgstr ""
+
+#. type: Content of:
+#. <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
+#: sss_usermod.8.xml:129
+msgid "The SELinux user for the user's login."
+msgstr ""
+
+#. type: Content of: <reference><refentry><refsect1><para>
+#: sss_usermod.8.xml:140
+msgid ""
+"<citerefentry> "
+"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupmod</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>, <citerefentry> "
+"<refentrytitle>sss_userdel</refentrytitle><manvolnum>8</manvolnum> "
+"</citerefentry>."
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/service_discovery.xml:2
+msgid "SERVICE DISCOVERY"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/service_discovery.xml:4
+msgid ""
+"The service discovery feature allows back ends to automatically find the "
+"appropriate servers to connect to using a special DNS query."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:9
+msgid "Configuration"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:11
+msgid ""
+"If no servers are specified, the back end automatically uses service "
+"discovery to try to find a server. Optionally, the user may choose to use "
+"both fixed server addresses and service discovery by inserting a special "
+"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
+"preference is maintained. This feature is useful if, for example, the user "
+"prefers to use service discovery whenever possible, and fall back to a "
+"specific server when no servers can be discovered using DNS."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:23
+msgid "The domain name"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:25
+msgid ""
+"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
+"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
+"<manvolnum>5</manvolnum> </citerefentry> manual page for more details."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:35
+msgid "The protocol"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:37
+msgid ""
+"The queries usually specify _tcp as the protocol. Exceptions are documented "
+"in respective option description."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/service_discovery.xml:42
+msgid "See Also"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/service_discovery.xml:44
+msgid ""
+"For more information on the service discovery mechanism, refer to RFC 2782."
+msgstr ""
+
+#. type: Content of: outside any tag (error?)
+#: include/upstream.xml:1
+msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
+msgstr ""
+
+#. type: Content of: <refsect1><title>
+#: include/failover.xml:2
+msgid "FAILOVER"
+msgstr ""
+
+#. type: Content of: <refsect1><para>
+#: include/failover.xml:4
+msgid ""
+"The failover feature allows back ends to automatically switch to a different"
+" server if the primary server fails."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:8
+msgid "Failover Syntax"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:10
+msgid ""
+"The list of servers is given as a comma-separated list; any number of spaces"
+" is allowed around the comma. The servers are listed in order of preference."
+" The list can contain any number of servers."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><title>
+#: include/failover.xml:17
+msgid "The Failover Mechanism"
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:19
+msgid ""
+"The failover mechanism distinguishes between a machine and a service. The "
+"back end first tries to resolve the hostname of a given machine; if this "
+"resolution attempt fails, the machine is considered offline. No further "
+"attempts are made to connect to this machine for any other service. If the "
+"resolution attempt succeeds, the back end tries to connect to a service on "
+"this machine. If the service connection attempt fails, then only this "
+"particular service is considered offline and the back end automatically "
+"switches over to the next service. The machine is still considered online "
+"and might still be tried for another service."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:32
+msgid ""
+"Further connection attempts are made to machines or services marked as "
+"offline after a specified period of time; this is currently hard coded to 30"
+" seconds."
+msgstr ""
+
+#. type: Content of: <refsect1><refsect2><para>
+#: include/failover.xml:37
+msgid ""
+"If there are no more machines to try, the back end as a whole switches to "
+"offline mode, and then attempts to reconnect every 30 seconds."
+msgstr ""
+
+#. type: Content of: <varlistentry><term>
+#: include/param_help.xml:3
+msgid "<option>-h</option>,<option>--help</option>"
+msgstr ""
+
+#. type: Content of: <varlistentry><listitem><para>
+#: include/param_help.xml:7
+msgid "Display help message and exit."
+msgstr ""
diff --git a/src/man/po/po4a.cfg b/src/man/po/po4a.cfg
index a1c1bd1e..6b793f25 100644
--- a/src/man/po/po4a.cfg
+++ b/src/man/po/po4a.cfg
@@ -1,4 +1,4 @@
-[po4a_langs] cs uk
+[po4a_langs] cs es nl pl uk
[po4a_paths] po/sssd-docs.pot $lang:po/$lang.po
[type:docbook] sss_groupmod.8.xml $lang:$(builddir)/$lang/sss_groupmod.8.xml
[type:docbook] sssd.conf.5.xml $lang:$(builddir)/$lang/sssd.conf.5.xml