ipa/0001-Update-translations.patch

From a47dbcb21165ff4d18ba17c7837f99263f94b845 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Thu, 26 Sep 2013 11:02:25 +0200
Subject: [PATCH] Update translations from Transifex

---
 install/po/bn_IN.po |    6 +-
 install/po/ca.po    |    6 +-
 install/po/cs.po    |    6 +-
 install/po/de.po    |    6 +-
 install/po/es.po    |  140 +++-
 install/po/eu.po    |    6 +-
 install/po/fr.po    | 1941 ++++++++++++++++++++++++++++++++++++++++++++++++++-
 install/po/id.po    |    6 +-
 install/po/ipa.pot  | 1137 +++++++++++++++---------------
 install/po/ja.po    |    6 +-
 install/po/kn.po    |    6 +-
 install/po/nl.po    |    6 +-
 install/po/pl.po    |    6 +-
 install/po/ru.po    |    6 +-
 install/po/tg.po    |    6 +-
 install/po/uk.po    |    6 +-
 install/po/zh_CN.po |    6 +-
 17 files changed, 2691 insertions(+), 611 deletions(-)

diff --git a/install/po/bn_IN.po b/install/po/bn_IN.po
index 8cd115a0ee840d7bd20680a881d9a3a606665f86..d1061081d85982146304912807026c4d4835bea6 100644
--- a/install/po/bn_IN.po
+++ b/install/po/bn_IN.po
@@ -8,16 +8,16 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: FreeIPA\n"
-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
-"newticket\n"
+"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
+"product=freeIPA\n"
 "POT-Creation-Date: 2013-08-01 16:02+0200\n"
 "PO-Revision-Date: 2013-08-01 14:06+0000\n"
 "Last-Translator: Petr Viktorin <encukou@gmail.com>\n"
 "Language-Team: Bengali (India) <anubad@lists.ankur.org.in>\n"
-"Language: bn_IN\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
+"Language: bn_IN\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
 msgid "Passwords do not match"
diff --git a/install/po/ca.po b/install/po/ca.po
index 502fbc6e051854fc02d0eecf5ba32f29f1e6172c..bd1c112a0783c4d198c426bdd885525c5b57e5d5 100644
--- a/install/po/ca.po
+++ b/install/po/ca.po
@@ -7,16 +7,16 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: FreeIPA\n"
-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
-"newticket\n"
+"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
+"product=freeIPA\n"
 "POT-Creation-Date: 2013-08-01 16:02+0200\n"
 "PO-Revision-Date: 2013-08-01 14:06+0000\n"
 "Last-Translator: Petr Viktorin <encukou@gmail.com>\n"
 "Language-Team: Catalan <fedora@llistes.softcatala.org>\n"
-"Language: ca\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
+"Language: ca\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
 msgid "Passwords do not match"
diff --git a/install/po/cs.po b/install/po/cs.po
index ba933a5f487afe6731476f3b75ebcd1ede1a2ec2..31ac931321c00a8f8ec1225c3a4b9770b0d853e5 100644
--- a/install/po/cs.po
+++ b/install/po/cs.po
@@ -7,17 +7,17 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: FreeIPA\n"
-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
-"newticket\n"
+"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
+"product=freeIPA\n"
 "POT-Creation-Date: 2013-08-01 16:02+0200\n"
 "PO-Revision-Date: 2013-08-01 14:06+0000\n"
 "Last-Translator: Petr Viktorin <encukou@gmail.com>\n"
 "Language-Team: Czech (http://www.transifex.com/projects/p/fedora/language/"
 "cs/)\n"
-"Language: cs\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
+"Language: cs\n"
 "Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
 
 #, python-format
diff --git a/install/po/de.po b/install/po/de.po
index 5f8b6968973ba4e177d6a0699ac8be0bffd345c0..ec5024667fdf2c354e0665fbe2a6289240d74867 100644
--- a/install/po/de.po
+++ b/install/po/de.po
@@ -8,16 +8,16 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: FreeIPA\n"
-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
-"newticket\n"
+"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
+"product=freeIPA\n"
 "POT-Creation-Date: 2013-08-01 16:02+0200\n"
 "PO-Revision-Date: 2013-08-01 14:06+0000\n"
 "Last-Translator: Petr Viktorin <encukou@gmail.com>\n"
 "Language-Team: German <trans-de@lists.fedoraproject.org>\n"
-"Language: de\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
+"Language: de\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
 #, python-format
diff --git a/install/po/es.po b/install/po/es.po
index 783bc3c874a679b5932e13e5b862ca1f2ac96c2e..abca24c4aebc323d5ab9cd1e318565d6d9623d13 100644
--- a/install/po/es.po
+++ b/install/po/es.po
@@ -3,6 +3,7 @@
 # This file is distributed under the same license as the PACKAGE package.
 #
 # Translators:
+# Adolfo Jayme Barrientos <fitoschido@ubuntu.com>, 2013
 # Eduardo Villagrán M <gotencool@gmail.com>, 2012
 # vareli <ehespinosa@ya.com>, 2013
 # Gladys Guerrero <gguerrer@redhat.com>, 2011
@@ -13,16 +14,16 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: FreeIPA\n"
-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
-"newticket\n"
+"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
+"product=freeIPA\n"
 "POT-Creation-Date: 2013-08-01 16:02+0200\n"
-"PO-Revision-Date: 2013-08-01 14:06+0000\n"
-"Last-Translator: Petr Viktorin <encukou@gmail.com>\n"
+"PO-Revision-Date: 2013-09-20 06:46+0000\n"
+"Last-Translator: Adolfo Jayme Barrientos <fitoschido@ubuntu.com>\n"
 "Language-Team: Spanish <trans-es@lists.fedoraproject.org>\n"
-"Language: es\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
+"Language: es\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
 #, python-format
@@ -103,6 +104,10 @@ msgid "Client is not configured. Run ipa-client-install."
 msgstr "El cliente no está configurado. Ejecutar la API de cliente a instalar."
 
 #, python-format
+msgid "Could not get %(name)s interactively"
+msgstr "No se pudo obtener %(name)s interactivamente"
+
+#, python-format
 msgid "%(reason)s"
 msgstr "%(reason)s"
 
@@ -276,6 +281,15 @@ msgstr "Una lista de entradas LDAP"
 msgid "All commands should at least have a result"
 msgstr "Todos los comandos deberían por lo menos tener un resultado"
 
+msgid "Number of entries returned"
+msgstr "Cantidad de entradas devueltas"
+
+msgid "List of deletions that failed"
+msgstr "Lista de eliminaciones fallidas"
+
+msgid "True means the operation was successful"
+msgstr "«Verdadero» significa que la operación fue exitosa"
+
 msgid "incorrect type"
 msgstr "tipo incorrecto"
 
@@ -1409,22 +1423,50 @@ msgid "invalid IP network format"
 msgstr "formato no válido de red IP"
 
 #, python-format
+msgid "invalid domain-name: %s"
+msgstr "nombre de dominio no válido: %s"
+
+#, python-format
 msgid "DNS reverse zone for IP address %(addr)s not found"
 msgstr "Zona invertida DNS para dirección IP %(addr)s no encontrada"
 
 #, python-format
 msgid "DNS zone %(zone)s not found"
 msgstr "Zona DNS %(zone)s no encontrado"
 
+msgid "Invalid number of parts!"
+msgstr "El número de partes no es válido."
+
 msgid "IP Address"
 msgstr "Dirección IP"
 
+msgid "Subtype"
+msgstr "Subtipo"
+
 msgid "Hostname"
 msgstr "Nombre del equipo anfitrión"
 
+msgid "Certificate Type"
+msgstr "Tipo de certificado"
+
+msgid "Algorithm"
+msgstr "Algoritmo"
+
+msgid "Certificate/CRL"
+msgstr "Certificado/CRL"
+
 msgid "Target"
 msgstr "Meta"
 
+msgid "Protocol"
+msgstr "Protocolo"
+
+msgid "Public Key"
+msgstr "Clave pública"
+
+msgid "Preference"
+msgstr "Preferencia"
+
 msgid ""
 "format must be specified as\n"
 "    \"d1 [m1 [s1]] {\"N\"|\"S\"}  d2 [m2 [s2]] {\"E\"|\"W\"} alt[\"m\"] "
@@ -1452,9 +1494,45 @@ msgstr ""
 msgid "Service"
 msgstr "Servicio"
 
+msgid "Regular Expression"
+msgstr "Expresión regular"
+
 msgid "Priority"
 msgstr "Prioridad"
 
+msgid "Port"
+msgstr "Puerto"
+
+msgid "Labels"
+msgstr "Etiquetas"
+
+msgid "Original TTL"
+msgstr "TTL original"
+
+msgid "Signature Expiration"
+msgstr "Caducidad de la firma"
+
+msgid "Signer's Name"
+msgstr "Nombre del firmante"
+
+msgid "Signature"
+msgstr "Firma"
+
+msgid "Fingerprint Type"
+msgstr "Tipo de huella digital"
+
+msgid "Fingerprint"
+msgstr "Huella digital"
+
+msgid "Text Data"
+msgstr "Datos de texto"
+
+msgid "Records"
+msgstr "Registros"
+
+msgid "Record type"
+msgstr "Tipo de registro"
+
 #, python-format
 msgid "Nameserver '%(host)s' does not have a corresponding A/AAAA record"
 msgstr ""
@@ -1615,6 +1693,9 @@ msgstr "Clase"
 msgid "DNS class"
 msgstr "Clase DNS"
 
+msgid "Structured"
+msgstr "Estructurado"
+
 #, python-format
 msgid ""
 "Reverse zone for PTR record should be a sub-zone of one the following fully "
@@ -1654,6 +1735,10 @@ msgstr ""
 msgid "Delete all associated records"
 msgstr "Eliminar todos los registros asociados"
 
+#, python-format
+msgid "Zone record '%s' cannot be deleted"
+msgstr "No se puede eliminar el registro de zona «%s»"
+
 msgid "No option to delete specific record provided."
 msgstr "Ninguna opción para  borrar un registro en concreto especificado."
 
@@ -2059,6 +2144,9 @@ msgstr "Borrar miembros de un grupo de servicio HBAC."
 msgid "Simulate use of Host-based access controls"
 msgstr "Simular el uso de controles de acceso basados en Host"
 
+msgid "Warning"
+msgstr "Aviso"
+
 msgid "Matched rules"
 msgstr "Reglas coincidentes"
 
@@ -2161,6 +2249,9 @@ msgstr "Certificado del servidor codificado con base-64"
 msgid "Principal name"
 msgstr "Nombre principal"
 
+msgid "MAC address"
+msgstr "Dirección MAC"
+
 msgid "Add a new host."
 msgstr "Añadir un n uevo host."
 
@@ -2202,6 +2293,9 @@ msgstr "Ha sido modificado el equipo \"%(value)s\""
 msgid "Kerberos principal name for this host"
 msgstr "Nombre del prinicpal de Kerberos para este equipo"
 
+msgid "Update DNS entries"
+msgstr "Actualizar las entradas DNS"
+
 msgid "Password cannot be set on enrolled host."
 msgstr "La contraseña no puede ser fijada en el host matriculado."
 
@@ -2400,6 +2494,15 @@ msgstr "Cancelar"
 msgid "Close"
 msgstr "Cerrar"
 
+msgid "Disable"
+msgstr "Desactivar"
+
+msgid "Edit"
+msgstr "Editar"
+
+msgid "Enable"
+msgstr "Activar"
+
 msgid "Find"
 msgstr "Buscar"
 
@@ -2412,6 +2515,9 @@ msgstr "Tema"
 msgid "OK"
 msgstr "Aceptar"
 
+msgid "Refresh"
+msgstr "Actualizar"
+
 msgid "Delete"
 msgstr "Eliminar"
 
@@ -2427,6 +2533,9 @@ msgstr "Reintentar"
 msgid "Revoke"
 msgstr "Revocar"
 
+msgid "Set"
+msgstr "Definir"
+
 msgid "Update"
 msgstr "Actualizar"
 
@@ -2475,6 +2584,9 @@ msgstr "Esta página tiene cambios sin guardar. Por favor, guardar o deshacer."
 msgid "Unsaved Changes"
 msgstr "Cambios No Guardados"
 
+msgid "Edit ${entity}"
+msgstr "Editar ${entity}"
+
 msgid "Hide details"
 msgstr "Esconder detalles"
 
@@ -2544,6 +2656,9 @@ msgstr "Nombre de usuario"
 msgid "Attribute"
 msgstr "Atributo"
 
+msgid "Add Rule"
+msgstr "Añadir una regla"
+
 msgid "Automount Location Settings"
 msgstr "Configuración de ubicación de automount"
 
@@ -2921,6 +3036,9 @@ msgstr "Información del Empleado"
 msgid "Error changing account status"
 msgstr "Error al cambiar el estado de cuenta"
 
+msgid "Password expiration"
+msgstr "Caducidad de la contraseña"
+
 msgid "Mailing Address"
 msgstr "Dirección de correo"
 
@@ -2980,6 +3098,9 @@ msgstr ""
 msgid "Unselect All"
 msgstr "Anular selección"
 
+msgid "Disabled"
+msgstr "Desactivado"
+
 msgid "Audit"
 msgstr "Auditoría"
 
@@ -3028,6 +3149,15 @@ msgstr "El texto no coincide con el patrón de campo"
 msgid "Must be an integer"
 msgstr "Debe ser un entero"
 
+msgid "Not a valid IP address"
+msgstr "No es una dirección IP válida"
+
+msgid "Not a valid IPv4 address"
+msgstr "No es una dirección IPv4 válida"
+
+msgid "Not a valid IPv6 address"
+msgstr "No es una dirección IPv6 válida"
+
 msgid "Maximum value is ${value}"
 msgstr "Valor máximo es ${value}"
 
diff --git a/install/po/eu.po b/install/po/eu.po
index bad3c8484c93871a47c7706e2ebeb19af6a396f3..9a65d66463168b50298bb6da3390f065c8e57f83 100644
--- a/install/po/eu.po
+++ b/install/po/eu.po
@@ -7,17 +7,17 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: FreeIPA\n"
-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
-"newticket\n"
+"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
+"product=freeIPA\n"
 "POT-Creation-Date: 2013-08-01 16:02+0200\n"
 "PO-Revision-Date: 2013-08-01 14:06+0000\n"
 "Last-Translator: Petr Viktorin <encukou@gmail.com>\n"
 "Language-Team: Basque (http://www.transifex.com/projects/p/fedora/language/"
 "eu/)\n"
-"Language: eu\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
+"Language: eu\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
 #, c-format
diff --git a/install/po/fr.po b/install/po/fr.po
index 9b0029d112de34a04ed207987a327e5b69c45826..22ae41f53dae55d54efb4969659f69b820624401 100644
--- a/install/po/fr.po
+++ b/install/po/fr.po
@@ -4,22 +4,25 @@
 #
 # Translators:
 # Automatically generated, 2010
+# Dralyab <geodebay@gmail.com>, 2013
+# Dralyab <geodebay@gmail.com>, 2013
+# Gé Baylard <<Geodebay@gmail.com>>, 2013
 # Jérôme Fenal <jfenal@gmail.com>, 2011-2013
 # Jérôme Fenal <jfenal@gmail.com>, 2011
 # Petr Viktorin <encukou@gmail.com>, 2013
 msgid ""
 msgstr ""
 "Project-Id-Version: FreeIPA\n"
-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
-"newticket\n"
+"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
+"product=freeIPA\n"
 "POT-Creation-Date: 2013-08-01 16:02+0200\n"
-"PO-Revision-Date: 2013-08-02 08:48+0000\n"
-"Last-Translator: Jérôme Fenal <jfenal@gmail.com>\n"
+"PO-Revision-Date: 2013-08-16 17:26+0000\n"
+"Last-Translator: Dralyab <geodebay@gmail.com>\n"
 "Language-Team: French <trans-fr@lists.fedoraproject.org>\n"
-"Language: fr\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
+"Language: fr\n"
 "Plural-Forms: nplurals=2; plural=(n > 1);\n"
 
 #, python-format
@@ -1796,6 +1799,178 @@ msgstr ""
 msgid "Nested Methods to execute"
 msgstr "Commandes imbriquées à exécuter"
 
+msgid ""
+"\n"
+"IPA certificate operations\n"
+"\n"
+"Implements a set of commands for managing server SSL certificates.\n"
+"\n"
+"Certificate requests exist in the form of a Certificate Signing Request "
+"(CSR)\n"
+"in PEM format.\n"
+"\n"
+"The dogtag CA uses just the CN value of the CSR and forces the rest of the\n"
+"subject to values configured in the server.\n"
+"\n"
+"A certificate is stored with a service principal and a service principal\n"
+"needs a host.\n"
+"\n"
+"In order to request a certificate:\n"
+"\n"
+"* The host must exist\n"
+"* The service must exist (or you use the --add option to automatically add "
+"it)\n"
+"\n"
+"SEARCHING:\n"
+"\n"
+"Certificates may be searched on by certificate subject, serial number,\n"
+"revocation reason, validity dates and the issued date.\n"
+"\n"
+"When searching on dates the _from date does a >= search and the _to date\n"
+"does a <= search. When combined these are done as an AND.\n"
+"\n"
+"Dates are treated as GMT to match the dates in the certificates.\n"
+"\n"
+"The date format is YYYY-mm-dd.\n"
+"\n"
+"EXAMPLES:\n"
+"\n"
+" Request a new certificate and add the principal:\n"
+"   ipa cert-request --add --principal=HTTP/lion.example.com example.csr\n"
+"\n"
+" Retrieve an existing certificate:\n"
+"   ipa cert-show 1032\n"
+"\n"
+" Revoke a certificate (see RFC 5280 for reason details):\n"
+"   ipa cert-revoke --revocation-reason=6 1032\n"
+"\n"
+" Remove a certificate from revocation hold status:\n"
+"   ipa cert-remove-hold 1032\n"
+"\n"
+" Check the status of a signing request:\n"
+"   ipa cert-status 10\n"
+"\n"
+" Search for certificates by hostname:\n"
+"   ipa cert-find --subject=ipaserver.example.com\n"
+"\n"
+" Search for revoked certificates by reason:\n"
+"   ipa cert-find --revocation-reason=5\n"
+"\n"
+" Search for certificates based on issuance date\n"
+"   ipa cert-find --issuedon-from=2013-02-01 --issuedon-to=2013-02-07\n"
+"\n"
+"IPA currently immediately issues (or declines) all certificate requests so\n"
+"the status of a request is not normally useful. This is for future use\n"
+"or the case where a CA does not immediately issue a certificate.\n"
+"\n"
+"The following revocation reasons are supported:\n"
+"\n"
+"    * 0 - unspecified\n"
+"    * 1 - keyCompromise\n"
+"    * 2 - cACompromise\n"
+"    * 3 - affiliationChanged\n"
+"    * 4 - superseded\n"
+"    * 5 - cessationOfOperation\n"
+"    * 6 - certificateHold\n"
+"    * 8 - removeFromCRL\n"
+"    * 9 - privilegeWithdrawn\n"
+"    * 10 - aACompromise\n"
+"\n"
+"Note that reason code 7 is not used.  See RFC 5280 for more details:\n"
+"\n"
+"http://www.ietf.org/rfc/rfc5280.txt\n"
+"\n"
+msgstr ""
+"\n"
+"Opérations de certification IPA\n"
+"\n"
+"Sont implémentées un ensemble de commandes pour gérer les certificats SSL du "
+"serveur.\n"
+"\n"
+"Les demandes de certification existent sous la forme de « Certificate "
+"Signing Request (CSR) »\n"
+"au format PEM.\n"
+"\n"
+"La plaque d'identité CA n'utilise que la valeur CN du CSR et force le reste "
+"du sujet aux\n"
+"valeurs configurées dans le serveur.\n"
+"\n"
+"Un certificat est enregistré avec un principal de service et un principal de "
+"service\n"
+"a besoin d'un hôte.\n"
+"\n"
+"Donc, pour demander un certificat :\n"
+"\n"
+"* l'hôte doit exister\n"
+"* le service doit exister (ou bien utilisez l'option --add pour l'ajouter "
+"automatiquement)\n"
+"\n"
+"RECHERCHE :\n"
+"\n"
+"Les certificats peuvent être recherchés par sujet, numéro de série,\n"
+"motif de révocation, dates de validité et date d'émission.\n"
+"\n"
+"En recherchant par dates, _from effectue une recherche >= à la date et _to\n"
+"une recherche <= à la date. Si elles sont combinées, elles sont équivalentes "
+"à un AND.\n"
+"\n"
+"Les dates sont traitées comme étant GMT pour correspondre aux dates des "
+"certificats.\n"
+"\n"
+"La date est au format YYYY-mm-dd.\n"
+"\n"
+"EXEMPLES :\n"
+"\n"
+" Demander un nouveau certificat et ajouter le principal :\n"
+"   ipa cert-request --add --principal=HTTP/lion.example.com example.csr\n"
+"\n"
+" Retrouver un certificat existant :\n"
+"   ipa cert-show 1032\n"
+"\n"
+" Révoquer un certificat (voir RFC 5280 pour le détail des raisons) :\n"
+"   ipa cert-revoke --revocation-reason=6 1032\n"
+"\n"
+" Lever l'état de maintien de révocation d'un certificat :\n"
+"   ipa cert-remove-hold 1032\n"
+"\n"
+" Vérifier l'état d'une demande de signature :\n"
+"   ipa cert-status 10\n"
+"\n"
+" Rechercher des certificats par nom d'hôte :\n"
+"   ipa cert-find --subject=ipaserver.example.com\n"
+"\n"
+" Rechercher les certificats révoqués par motif :\n"
+"   ipa cert-find --revocation-reason=5\n"
+"\n"
+" Rechercher les certificats selon la date d'émission :\n"
+"   ipa cert-find --issuedon-from=2013-02-01 --issuedon-to=2013-02-07\n"
+"\n"
+"Actuellement IPA émet (ou décline) immédiatement toute demande de "
+"certificat ;\n"
+"l'état de la requête n'est donc normalement pas utile. La demande est en "
+"prévision d'une\n"
+"utilisation future ou au cas où un CA n'émet pas immédiatement un "
+"certificat.\n"
+"\n"
+"Les motifs de révocation suivants sont pris en charge :\n"
+"\n"
+"    * 0 - unspecified\n"
+"    * 1 - keyCompromise\n"
+"    * 2 - cACompromise\n"
+"    * 3 - affiliationChanged\n"
+"    * 4 - superseded\n"
+"    * 5 - cessationOfOperation\n"
+"    * 6 - certificateHold\n"
+"    * 8 - removeFromCRL\n"
+"    * 9 - privilegeWithdrawn\n"
+"    * 10 - aACompromise\n"
+"\n"
+"Notez que le motif de code 7 n'est pas utilisé. Voir RFC 5280 pour plus de "
+"détails :\n"
+"\n"
+"http://www.ietf.org/rfc/rfc5280.txt\n"
+"\n"
+
 msgid "Failure decoding Certificate Signing Request:"
 msgstr "Échec dans le décodage du Certificate Signing Request :"
 
@@ -3565,6 +3740,195 @@ msgstr "Modifier la configuration DNS globale."
 msgid "Show the current global DNS configuration."
 msgstr "Afficher la configuration DNS globale."
 
+msgid ""
+"\n"
+"Groups of users\n"
+"\n"
+"Manage groups of users. By default, new groups are POSIX groups. You\n"
+"can add the --nonposix option to the group-add command to mark a new group\n"
+"as non-POSIX. You can use the --posix argument with the group-mod command\n"
+"to convert a non-POSIX group into a POSIX group. POSIX groups cannot be\n"
+"converted to non-POSIX groups.\n"
+"\n"
+"Every group must have a description.\n"
+"\n"
+"POSIX groups must have a Group ID (GID) number. Changing a GID is\n"
+"supported but can have an impact on your file permissions. It is not "
+"necessary\n"
+"to supply a GID when creating a group. IPA will generate one automatically\n"
+"if it is not provided.\n"
+"\n"
+"EXAMPLES:\n"
+"\n"
+" Add a new group:\n"
+"   ipa group-add --desc='local administrators' localadmins\n"
+"\n"
+" Add a new non-POSIX group:\n"
+"   ipa group-add --nonposix --desc='remote administrators' remoteadmins\n"
+"\n"
+" Convert a non-POSIX group to posix:\n"
+"   ipa group-mod --posix remoteadmins\n"
+"\n"
+" Add a new POSIX group with a specific Group ID number:\n"
+"   ipa group-add --gid=500 --desc='unix admins' unixadmins\n"
+"\n"
+" Add a new POSIX group and let IPA assign a Group ID number:\n"
+"   ipa group-add --desc='printer admins' printeradmins\n"
+"\n"
+" Remove a group:\n"
+"   ipa group-del unixadmins\n"
+"\n"
+" To add the \"remoteadmins\" group to the \"localadmins\" group:\n"
+"   ipa group-add-member --groups=remoteadmins localadmins\n"
+"\n"
+" Add multiple users to the \"localadmins\" group:\n"
+"   ipa group-add-member --users=test1 --users=test2 localadmins\n"
+"\n"
+" Remove a user from the \"localadmins\" group:\n"
+"   ipa group-remove-member --users=test2 localadmins\n"
+"\n"
+" Display information about a named group.\n"
+"   ipa group-show localadmins\n"
+"\n"
+"External group membership is designed to allow users from trusted domains\n"
+"to be mapped to local POSIX groups in order to actually use IPA resources.\n"
+"External members should be added to groups that specifically created as\n"
+"external and non-POSIX. Such group later should be included into one of "
+"POSIX\n"
+"groups.\n"
+"\n"
+"An external group member is currently a Security Identifier (SID) as defined "
+"by\n"
+"the trusted domain. When adding external group members, it is possible to\n"
+"specify them in either SID, or DOM\\name, or name@domain format. IPA will "
+"attempt\n"
+"to resolve passed name to SID with the use of Global Catalog of the trusted "
+"domain.\n"
+"\n"
+"Example:\n"
+"\n"
+"1. Create group for the trusted domain admins' mapping and their local POSIX "
+"group:\n"
+"\n"
+"   ipa group-add --desc='<ad.domain> admins external map' ad_admins_external "
+"--external\n"
+"   ipa group-add --desc='<ad.domain> admins' ad_admins\n"
+"\n"
+"2. Add security identifier of Domain Admins of the <ad.domain> to the "
+"ad_admins_external\n"
+"   group:\n"
+"\n"
+"   ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n"
+"\n"
+"3. Allow members of ad_admins_external group to be associated with ad_admins "
+"POSIX group:\n"
+"\n"
+"   ipa group-add-member ad_admins --groups ad_admins_external\n"
+"\n"
+"4. List members of external members of ad_admins_external group to see their "
+"SIDs:\n"
+"\n"
+"   ipa group-show ad_admins_external\n"
+msgstr ""
+"\n"
+"Groupes d'utilisateurs\n"
+"\n"
+"Gérer des groupes d'utilisateurs. Par défaut, les nouveaux groupes sont des "
+"groupes POSIX.\n"
+"Vous pouvez ajouter l'option --nonposix à la commande group-add pour marquer "
+"un nouveau groupe\n"
+"comme non-POSIX. Vous pouvez utiliser --posix argument avec la commande "
+"group-mod\n"
+"pour convertir un groupe non-POSIX en groupe POSIX. Des groupes POSIX ne "
+"peuvent pas être\n"
+"convertis en groupes non-POSIX.\n"
+"\n"
+"Chaque groupe doit avoir une description.\n"
+"\n"
+"Les groupes POSIX doivent avoir un numéro d'ID de groupe (GID). Modifier un "
+"GID est\n"
+"accepté mais peut avoir un impact sur vos droits d'accès aux fichiers. Il "
+"n'est pas nécessaire\n"
+"de fournir un GID à la création d'un groupe. IPA en générera un "
+"automatiquement\n"
+"s'il n'est pas indiqué.\n"
+"\n"
+"EXEMPLES :\n"
+"\n"
+" Ajouter un nouveau groupe :\n"
+"   ipa group-add --desc='local administrators' localadmins\n"
+"\n"
+" Ajouter un nouveau groupe non-POSIX :\n"
+"   ipa group-add --nonposix --desc='remote administrators' remoteadmins\n"
+"\n"
+" Convertir un groupe non-POSIX en groupe POSIX :\n"
+"   ipa group-mod --posix remoteadmins\n"
+"\n"
+" Ajouter un nouveau groupe POSIX avec un numéro d'ID de groupe donné :\n"
+"   ipa group-add --gid=500 --desc='unix admins' unixadmins\n"
+"\n"
+" Ajouter un nouveau groupe POSIX et laisser IPA assigner un numéro d'ID de "
+"groupe :\n"
+"   ipa group-add --desc='printer admins' printeradmins\n"
+"\n"
+" Supprimer un groupe :\n"
+"   ipa group-del unixadmins\n"
+"\n"
+" Ajouter le groupe « remoteadmins » au groupe « localadmins » :\n"
+"   ipa group-add-member --groups=remoteadmins localadmins\n"
+"\n"
+" Ajouter plusieurs utilisateurs au groupe « localadmins » :\n"
+"   ipa group-add-member --users=test1 --users=test2 localadmins\n"
+"\n"
+" Supprimer un utilisateur du groupe « localadmins » :\n"
+"   ipa group-remove-member --users=test2 localadmins\n"
+"\n"
+" Afficher des informations à propos d'un groupe donné :\n"
+"   ipa group-show localadmins\n"
+"\n"
+"L'appartenance d'un groupe externe est conçue pour permettre aux utilisateur "
+"de domaines de confiance\n"
+"d'être assimilés aux groupes POSIX locaux en vue d'utiliser réellement les "
+"ressources IPA.\n"
+"Des membres externes peuvent être ajoutés aux groupes spécifiquement crées "
+"comme\n"
+"externes et non-POSIX. Un tel groupe peut plus tard être incorporé dans un "
+"des groupes\n"
+"POSIX\n"
+"\n"
+"Un membre de groupe externe est actuellement identifié par un « Security "
+"Identifier (SID) » tel que défini pour\n"
+"le domaine de confiance. En ajoutant des membres de groupe externe, il est "
+"possible de les\n"
+"définir au format, soit SID, soit DOM\\name, soit name@domain. IPA essayera\n"
+"de résoudre le nom passé en SID en se servant du « Global Catalog » des "
+"domaines de confiance.\n"
+"\n"
+"Exemple:\n"
+"\n"
+"1. Créer un groupe par assimilation au domaine de confiance « admins » et à "
+"leur groupe POSIX local :\n"
+"\n"
+"   ipa group-add --desc='<ad.domain> admins external map' ad_admins_external "
+"--external\n"
+"   ipa group-add --desc='<ad.domain> admins' ad_admins\n"
+"\n"
+"2. Ajouter l'identifiant de sécurité <ad.domain> de « Domain Admins » au "
+"groupe\n"
+"   externe ad_admins_external :\n"
+"\n"
+"   ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n"
+"\n"
+"3. Autoriser des membres du groupe ad_admins_external à être associés au "
+"groupe POSIX ad_admins :\n"
+"\n"
+"   ipa group-add-member ad_admins --groups ad_admins_external\n"
+"\n"
+"4. Lister les membres externes du groupe ad_admins_external pour voir leur "
+"SID :\n"
+"\n"
+"   ipa group-show ad_admins_external\n"
+
 msgid "group"
 msgstr "groupe"
 
@@ -4161,6 +4525,414 @@ msgstr "Ajouter des membres à un groupe de services HBAC."
 msgid "Remove members from an HBAC service group."
 msgstr "Supprimer des membres d'un groupe de services HBAC."
 
+msgid ""
+"\n"
+"Simulate use of Host-based access controls\n"
+"\n"
+"HBAC rules control who can access what services on what hosts.\n"
+"You can use HBAC to control which users or groups can access a service,\n"
+"or group of services, on a target host.\n"
+"\n"
+"Since applying HBAC rules implies use of a production environment,\n"
+"this plugin aims to provide simulation of HBAC rules evaluation without\n"
+"having access to the production environment.\n"
+"\n"
+" Test user coming to a service on a named host against\n"
+" existing enabled rules.\n"
+"\n"
+" ipa hbactest --user= --host= --service=\n"
+"              [--rules=rules-list] [--nodetail] [--enabled] [--disabled]\n"
+"              [--sizelimit= ]\n"
+"\n"
+" --user, --host, and --service are mandatory, others are optional.\n"
+"\n"
+" If --rules is specified simulate enabling of the specified rules and test\n"
+" the login of the user using only these rules.\n"
+"\n"
+" If --enabled is specified, all enabled HBAC rules will be added to "
+"simulation\n"
+"\n"
+" If --disabled is specified, all disabled HBAC rules will be added to "
+"simulation\n"
+"\n"
+" If --nodetail is specified, do not return information about rules matched/"
+"not matched.\n"
+"\n"
+" If both --rules and --enabled are specified, apply simulation to --rules "
+"_and_\n"
+" all IPA enabled rules.\n"
+"\n"
+" If no --rules specified, simulation is run against all IPA enabled rules.\n"
+" By default there is a IPA-wide limit to number of entries fetched, you can "
+"change it\n"
+" with --sizelimit option.\n"
+"\n"
+"EXAMPLES:\n"
+"\n"
+"    1. Use all enabled HBAC rules in IPA database to simulate:\n"
+"    $ ipa  hbactest --user=a1a --host=bar --service=sshd\n"
+"    --------------------\n"
+"    Access granted: True\n"
+"    --------------------\n"
+"      Not matched rules: my-second-rule\n"
+"      Not matched rules: my-third-rule\n"
+"      Not matched rules: myrule\n"
+"      Matched rules: allow_all\n"
+"\n"
+"    2. Disable detailed summary of how rules were applied:\n"
+"    $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n"
+"    --------------------\n"
+"    Access granted: True\n"
+"    --------------------\n"
+"\n"
+"    3. Test explicitly specified HBAC rules:\n"
+"    $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n"
+"          --rules=myrule --rules=my-second-rule\n"
+"    ---------------------\n"
+"    Access granted: False\n"
+"    ---------------------\n"
+"      Not matched rules: my-second-rule\n"
+"      Not matched rules: myrule\n"
+"\n"
+"    4. Use all enabled HBAC rules in IPA database + explicitly specified "
+"rules:\n"
+"    $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n"
+"          --rules=myrule --rules=my-second-rule --enabled\n"
+"    --------------------\n"
+"    Access granted: True\n"
+"    --------------------\n"
+"      Not matched rules: my-second-rule\n"
+"      Not matched rules: my-third-rule\n"
+"      Not matched rules: myrule\n"
+"      Matched rules: allow_all\n"
+"\n"
+"    5. Test all disabled HBAC rules in IPA database:\n"
+"    $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n"
+"    ---------------------\n"
+"    Access granted: False\n"
+"    ---------------------\n"
+"      Not matched rules: new-rule\n"
+"\n"
+"    6. Test all disabled HBAC rules in IPA database + explicitly specified "
+"rules:\n"
+"    $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n"
+"          --rules=myrule --rules=my-second-rule --disabled\n"
+"    ---------------------\n"
+"    Access granted: False\n"
+"    ---------------------\n"
+"      Not matched rules: my-second-rule\n"
+"      Not matched rules: my-third-rule\n"
+"      Not matched rules: myrule\n"
+"\n"
+"    7. Test all (enabled and disabled) HBAC rules in IPA database:\n"
+"    $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n"
+"          --enabled --disabled\n"
+"    --------------------\n"
+"    Access granted: True\n"
+"    --------------------\n"
+"      Not matched rules: my-second-rule\n"
+"      Not matched rules: my-third-rule\n"
+"      Not matched rules: myrule\n"
+"      Not matched rules: new-rule\n"
+"      Matched rules: allow_all\n"
+"\n"
+"\n"
+"HBACTEST AND TRUSTED DOMAINS\n"
+"\n"
+"When an external trusted domain is configured in IPA, HBAC rules are also "
+"applied\n"
+"on users accessing IPA resources from the trusted domain. Trusted domain "
+"users and\n"
+"groups (and their SIDs) can be then assigned to external groups which can "
+"be\n"
+"members of POSIX groups in IPA which can be used in HBAC rules and thus "
+"allowing\n"
+"access to resources protected by the HBAC system.\n"
+"\n"
+"hbactest plugin is capable of testing access for both local IPA users and "
+"users\n"
+"from the trusted domains, either by a fully qualified user name or by user "
+"SID.\n"
+"Such user names need to have a trusted domain specified as a short name\n"
+"(DOMAIN\\Administrator) or with a user principal name (UPN), "
+"Administrator@ad.test.\n"
+"\n"
+"Please note that hbactest executed with a trusted domain user as --user "
+"parameter\n"
+"can be only run by members of \"trust admins\" group.\n"
+"\n"
+"EXAMPLES:\n"
+"\n"
+"    1. Test if a user from a trusted domain specified by its shortname "
+"matches any\n"
+"       rule:\n"
+"\n"
+"    $ ipa hbactest --user 'DOMAIN\\Administrator' --host `hostname` --"
+"service sshd\n"
+"    --------------------\n"
+"    Access granted: True\n"
+"    --------------------\n"
+"      Matched rules: allow_all\n"
+"      Matched rules: can_login\n"
+"\n"
+"    2. Test if a user from a trusted domain specified by its domain name "
+"matches\n"
+"       any rule:\n"
+"\n"
+"    $ ipa hbactest --user 'Administrator@domain.com' --host `hostname` --"
+"service sshd\n"
+"    --------------------\n"
+"    Access granted: True\n"
+"    --------------------\n"
+"      Matched rules: allow_all\n"
+"      Matched rules: can_login\n"
+"\n"
+"    3. Test if a user from a trusted domain specified by its SID matches any "
+"rule:\n"
+"\n"
+"    $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-500 \\\n"
+"            --host `hostname` --service sshd\n"
+"    --------------------\n"
+"    Access granted: True\n"
+"    --------------------\n"
+"      Matched rules: allow_all\n"
+"      Matched rules: can_login\n"
+"\n"
+"    4. Test if other user from a trusted domain specified by its SID matches "
+"any rule:\n"
+"\n"
+"    $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-1203 \\\n"
+"            --host `hostname` --service sshd\n"
+"    --------------------\n"
+"    Access granted: True\n"
+"    --------------------\n"
+"      Matched rules: allow_all\n"
+"      Not matched rules: can_login\n"
+"\n"
+"   5. Test if other user from a trusted domain specified by its shortname "
+"matches\n"
+"       any rule:\n"
+"\n"
+"    $ ipa hbactest --user 'DOMAIN\\Otheruser' --host `hostname` --service "
+"sshd\n"
+"    --------------------\n"
+"    Access granted: True\n"
+"    --------------------\n"
+"      Matched rules: allow_all\n"
+"      Not matched rules: can_login\n"
+msgstr ""
+"\n"
+"Simuler l'utilisation des contrôles d'accès fondés sur l'hôte\n"
+"\n"
+"Les règles HBAC contrôlent qui peut accéder à quel service sur quels hôtes.\n"
+"Vous pouvez utiliser HBAC pour contrôler quels utilisateurs ou quels "
+"groupes\n"
+"peuvent accéder à un service ou à un groupe de services, sur un hôte cible.\n"
+"\n"
+"Comme l'application des règles HBAC suppose l'utilisation d'un environnement "
+"de\n"
+"production, ce greffon vise à fournir une simulation de l'évaluation des "
+"règles\n"
+"HBAC sans nécessiter l'accès à l'environnement de production.\n"
+"\n"
+" Testez les règles existantes activées au regard de l'arrivée d'un "
+"utilisateur\n"
+" sur un service sur un hôte donné.\n"
+"\n"
+"ipa hbactest --user= --host= --service=⏎\n"
+"              [--rules=rules-list] [--nodetail] [--enabled] [--disabled]⏎\n"
+"              [--sizelimit= ]\n"
+"\n"
+" --user, --host et --service sont obligatoires, les autres sont "
+"optionnelles.\n"
+"\n"
+" Si --rules est défini, l'activation des règles indiquées est simulée et\n"
+" l'identifiant de l'utilisateur est testé uniquement sur ces règles.\n"
+"\n"
+" Si --enabled est défini, toutes les règles HBAC activées sont ajoutées à "
+"la\n"
+" simulation\n"
+"\n"
+" Si --disabled est défini, toutes les règles HBAC désactivées sont ajoutées\n"
+" à la simulation\n"
+"\n"
+" Si --nodetail est défini, il n'est pas renvoyé d'information sur les règles "
+"en correspondance ou pas.\n"
+"\n"
+" Si --rules et --enabled sont définis tous deux, la simulation sera "
+"appliquée à\n"
+" --rules _et_ à tous les règles IPA activées.\n"
+"\n"
+" Si --rules n'est pas défini, la simulation est lancée avec toutes les "
+"règles\n"
+" IPA activées. Par défaut, il existe une limite globale à IPA sur le nombre\n"
+" d'entrées renvoyées, vous pouvez la modifier avec l'option --sizelimit.\n"
+"\n"
+" Si --srchost est spécifié, elle sera ignorée. Elle est conservée pour des\n"
+" raisons de compatibilité uniquement.\n"
+"\n"
+"EXEMPLES :\n"
+"\n"
+"    1. Utiliser toutes les règles HBAC activées dans IPA pour la "
+"simulation :\n"
+"    $ ipa  hbactest --user=a1a --host=bar --service=sshd\n"
+"    --------------------\n"
+"    Access granted: True\n"
+"    --------------------\n"
+"      notmatched: my-second-rule\n"
+"      notmatched: my-third-rule\n"
+"      notmatched: myrule\n"
+"      matched: allow_all\n"
+"\n"
+"    2. Désactiver le résumé détaillé de la façon dont les règles sont "
+"appliquées :\n"
+"    $ ipa hbactest --user=a1a --host=bar --service=sshd --nodetail\n"
+"    --------------------\n"
+"    Access granted: True\n"
+"    --------------------\n"
+"\n"
+"    3. Tester explicitement les règles HBAC spécifiées :\n"
+"    $ ipa hbactest --user=a1a --host=bar --service=sshd          \n"
+"--rules=my-second-rule,myrule\n"
+"    ---------------------\n"
+"    Access granted: False\n"
+"    ---------------------\n"
+"      notmatched: my-second-rule\n"
+"      notmatched: myrule\n"
+"\n"
+"    4. Utiliser toutes les règles HBAC activées de la base de données IPA + "
+"les règles explicitement définies :\n"
+"    $ ipa hbactest --user=a1a --host=bar --service=sshd          \n"
+"--rules=my-second-rule,myrule --enabled\n"
+"    --------------------\n"
+"    Access granted: True\n"
+"    --------------------\n"
+"      notmatched: my-second-rule\n"
+"      notmatched: my-third-rule\n"
+"      notmatched: myrule\n"
+"      matched: allow_all\n"
+"\n"
+"    5. Tester toutes les règles HBAC désactivées de la base de données "
+"IPA :\n"
+"    $ ipa hbactest --user=a1a --host=bar --service=sshd --disabled\n"
+"    ---------------------\n"
+"    Access granted: False\n"
+"    ---------------------\n"
+"      notmatched: new-rule\n"
+"\n"
+"    6. Tester toutes les règles HBAC désactivées de la base de données IPA + "
+"les règles explicitement définies :\n"
+"    $ ipa hbactest --user=a1a --host=bar --service=sshd          \n"
+"--rules=my-second-rule,myrule --disabled\n"
+"    ---------------------\n"
+"    Access granted: False\n"
+"    ---------------------\n"
+"      notmatched: my-second-rule\n"
+"      notmatched: my-third-rule\n"
+"      notmatched: myrule\n"
+"\n"
+"    7. Tester toutes les règles HBAC (activées et desactivées) de la base de "
+"données IPA :\n"
+"    $ ipa hbactest --user=a1a --host=bar --service=sshd \\\n"
+"          --enabled --disabled\n"
+"    --------------------\n"
+"    Access granted: True\n"
+"    --------------------\n"
+"      notmatched: my-second-rule\n"
+"      notmatched: my-third-rule\n"
+"      notmatched: myrule\n"
+"      notmatched: new-rule\n"
+"      matched: allow_all\n"
+"\n"
+"\n"
+"TEST HBAC ET DOMAINES DE CONFIANCE\n"
+"\n"
+"Quand un domaine externe de confiance est configuré dans IPA, les règles "
+"HBAC sont aussi appliquées\n"
+"aux utilisateurs accédant aux ressources IPA à partir du domaine de "
+"confiance. Les utilisateurs des domaines de confiance et\n"
+"les groupes (et leurs SID) peuvent être assignés à des groupes externes "
+"pouvant être\n"
+"membres de groupes POSIX dans IPA intégrables dans les règles HBAC, ce qui "
+"autorise\n"
+"un accès aux ressources protégées par le système HBAC.\n"
+"\n"
+"Un greffon hbactest est capable de tester des accès à la fois des "
+"utilisateurs IPA locaux et des utilisateurs\n"
+"de domaines de confiance avec, soit le nom d'utilisateur pleinement "
+"qualifié, soit le SID utilisateur.\n"
+"De tels noms d'utilisateur doivent avoir un domaine de confiance précisé en "
+"nom court\n"
+"(DOMAINE/Administrateur) ou avec un nom de principal (UPN),  "
+"Administrator@ad.test.\n"
+"\n"
+"Veuillez noter que hbactest exécuté avec un utilisateur de domaine de "
+"confiance en tant que paramètre --user\n"
+"ne peut être lancé que des membres du groupe des « administrateurs de "
+"confiance ».\n"
+"\n"
+"EXEMPLES :\n"
+"\n"
+"    1. Tester si un utilisateur d'un domaine de confiance défini par son nom "
+"court\n"
+"       s'accorde à toute règle :\n"
+"\n"
+"    $ ipa hbactest --user 'DOMAIN\\Administrator' --host `hostname` --"
+"service sshd\n"
+"    --------------------\n"
+"    Access granted: True\n"
+"    --------------------\n"
+"      Matched rules: allow_all\n"
+"      Matched rules: can_login\n"
+"\n"
+"    2. Tester si un utilisateur d'un domaine de confiance défini par son nom "
+"de domaine\n"
+"       s'accorde à toute règle :\n"
+"\n"
+"    $ ipa hbactest --user 'Administrator@domain.com' --host `hostname` --"
+"service sshd\n"
+"    --------------------\n"
+"    Access granted: True\n"
+"    --------------------\n"
+"      Matched rules: allow_all\n"
+"      Matched rules: can_login\n"
+"\n"
+"    3. Tester si un utilisateur d'un domaine de confiance défini par son "
+"SID\n"
+"       s'accorde à toute règle :\n"
+"\n"
+"    $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-500 \\\n"
+"            --host `hostname` --service sshd\n"
+"    --------------------\n"
+"    Access granted: True\n"
+"    --------------------\n"
+"      Matched rules: allow_all\n"
+"      Matched rules: can_login\n"
+"\n"
+"    4. Tester si un autre utilisateur d'un domaine de confiance défini par "
+"son SID\n"
+"       s'accorde à toute règle :\n"
+"\n"
+"    $ ipa hbactest --user S-1-5-21-3035198329-144811719-1378114514-1203 \\\n"
+"            --host `hostname` --service sshd\n"
+"    --------------------\n"
+"    Access granted: True\n"
+"    --------------------\n"
+"      Matched rules: allow_all\n"
+"      Not matched rules: can_login\n"
+"\n"
+"    5. Tester si un autre utilisateur d'un domaine de confiance défini par "
+"son nom court\n"
+"       s'accorde à toute règle :\n"
+"\n"
+"    $ ipa hbactest --user 'DOMAIN\\Otheruser' --host `hostname` --service "
+"sshd\n"
+"    --------------------\n"
+"    Access granted: True\n"
+"    --------------------\n"
+"      Matched rules: allow_all\n"
+"      Not matched rules: can_login\n"
+
 msgid "Simulate use of Host-based access controls"
 msgstr "Simulation de règles de contrôle d'accès basé sur les systèmes"
 
@@ -4627,6 +5399,312 @@ msgstr "Ajouter des membres à un groupe de systèmes."
 msgid "Remove members from a hostgroup."
 msgstr "Supprimer des membres d'un groupe de systèmes."
 
+msgid ""
+"\n"
+"ID ranges\n"
+"\n"
+"Manage ID ranges  used to map Posix IDs to SIDs and back.\n"
+"\n"
+"There are two type of ID ranges which are both handled by this utility:\n"
+"\n"
+" - the ID ranges of the local domain\n"
+" - the ID ranges of trusted remote domains\n"
+"\n"
+"Both types have the following attributes in common:\n"
+"\n"
+" - base-id: the first ID of the Posix ID range\n"
+" - range-size: the size of the range\n"
+"\n"
+"With those two attributes a range object can reserve the Posix IDs starting\n"
+"with base-id up to but not including base-id+range-size exclusively.\n"
+"\n"
+"Additionally an ID range of the local domain may set\n"
+" - rid-base: the first RID(*) of the corresponding RID range\n"
+" - secondary-rid-base: first RID of the secondary RID range\n"
+"\n"
+"and an ID range of a trusted domain must set\n"
+" - rid-base: the first RID of the corresponding RID range\n"
+" - sid: domain SID of the trusted domain\n"
+"\n"
+"\n"
+"\n"
+"EXAMPLE: Add a new ID range for a trusted domain\n"
+"\n"
+"Since there might be more than one trusted domain the domain SID must be "
+"given\n"
+"while creating the ID range.\n"
+"\n"
+"  ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=0 \\\n"
+"                  --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n"
+"\n"
+"This ID range is then used by the IPA server and the SSSD IPA provider to\n"
+"assign Posix UIDs to users from the trusted domain.\n"
+"\n"
+"If e.g a range for a trusted domain is configured with the following "
+"values:\n"
+" base-id = 1200000\n"
+" range-size = 200000\n"
+" rid-base = 0\n"
+"the RIDs 0 to 199999 are mapped to the Posix ID from 1200000 to 13999999. "
+"So\n"
+"RID 1000 <-> Posix ID 1201000\n"
+"\n"
+"\n"
+"\n"
+"EXAMPLE: Add a new ID range for the local domain\n"
+"\n"
+"To create an ID range for the local domain it is not necessary to specify a\n"
+"domain SID. But since it is possible that a user and a group can have the "
+"same\n"
+"value as Posix ID a second RID interval is needed to handle conflicts.\n"
+"\n"
+"  ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=1000 \\\n"
+"                  --secondary-rid-base=1000000 local_range\n"
+"\n"
+"The data from the ID ranges of the local domain are used by the IPA server\n"
+"internally to assign SIDs to IPA users and groups. The SID will then be "
+"stored\n"
+"in the user or group objects.\n"
+"\n"
+"If e.g. the ID range for the local domain is configured with the values "
+"from\n"
+"the example above then a new user with the UID 1200007 will get the RID "
+"1007.\n"
+"If this RID is already used by a group the RID will be 1000007. This can "
+"only\n"
+"happen if a user or a group object was created with a fixed ID because the\n"
+"automatic assignment will not assign the same ID twice. Since there are "
+"only\n"
+"users and groups sharing the same ID namespace it is sufficient to have "
+"only\n"
+"one fallback range to handle conflicts.\n"
+"\n"
+"To find the Posix ID for a given RID from the local domain it has to be\n"
+"checked first if the RID falls in the primary or secondary RID range and\n"
+"the rid-base or the secondary-rid-base has to be subtracted, respectively,\n"
+"and the base-id has to be added to get the Posix ID.\n"
+"\n"
+"Typically the creation of ID ranges happens behind the scenes and this CLI\n"
+"must not be used at all. The ID range for the local domain will be created\n"
+"during installation or upgrade from an older version. The ID range for a\n"
+"trusted domain will be created together with the trust by 'ipa trust-"
+"add ...'.\n"
+"\n"
+"USE CASES:\n"
+"\n"
+"  Add an ID range from a transitively trusted domain\n"
+"\n"
+"    If the trusted domain (A) trusts another domain (B) as well and this "
+"trust\n"
+"    is transitive 'ipa trust-add domain-A' will only create a range for\n"
+"    domain A.  The ID range for domain B must be added manually.\n"
+"\n"
+"  Add an additional ID range for the local domain\n"
+"\n"
+"    If the ID range of the local domain is exhausted, i.e. no new IDs can "
+"be\n"
+"    assigned to Posix users or groups by the DNA plugin, a new range has to "
+"be\n"
+"    created to allow new users and groups to be added. (Currently there is "
+"no\n"
+"    connection between this range CLI and the DNA plugin, but a future "
+"version\n"
+"    might be able to modify the configuration of the DNS plugin as well)\n"
+"\n"
+"In general it is not necessary to modify or delete ID ranges. If there is "
+"no\n"
+"other way to achieve a certain configuration than to modify or delete an ID\n"
+"range it should be done with great care. Because UIDs are stored in the "
+"file\n"
+"system and are used for access control it might be possible that users are\n"
+"allowed to access files of other users if an ID range got deleted and "
+"reused\n"
+"for a different domain.\n"
+"\n"
+"(*) The RID is typically the last integer of a user or group SID which "
+"follows\n"
+"the domain SID. E.g. if the domain SID is S-1-5-21-123-456-789 and a user "
+"from\n"
+"this domain has the SID S-1-5-21-123-456-789-1010 then 1010 id the RID of "
+"the\n"
+"user. RIDs are unique in a domain, 32bit values and are used for users and\n"
+"groups.\n"
+"\n"
+"WARNING:\n"
+"\n"
+"DNA plugin in 389-ds will allocate IDs based on the ranges configured for "
+"the\n"
+"local domain. Currently the DNA plugin *cannot* be reconfigured itself "
+"based\n"
+"on the local ranges set via this family of commands.\n"
+"\n"
+"Manual configuration change has to be done in the DNA plugin configuration "
+"for\n"
+"the new local range. Specifically, The dnaNextRange attribute of 'cn=Posix\n"
+"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has to "
+"be\n"
+"modified to match the new range.\n"
+msgstr ""
+"\n"
+"Plages d'identifiants\n"
+"\n"
+"Gérer les plages d'ID faisant correspondre les ID Posix avec les SID et "
+"inversement.\n"
+"\n"
+"Il y a deux types de plages d'ID gérées par cet utilitaire :\n"
+"\n"
+" - les plages d'ID du domaine local\n"
+" - les plages d'ID des domaines de confiance distants\n"
+"\n"
+"Les deux types ont les attributs suivants en commun :\n"
+"\n"
+" - base-id: le premier ID de la plage des ID Posix\n"
+" - range-size: la taille de la plage\n"
+"\n"
+"Avec ces deux attributs un objet plage peut réserver le point de départ des "
+"ID Posix\n"
+"avec base-id jusqu'à base-id+range-size non inclus exclusivement.\n"
+"\n"
+"En plus une plage d'ID du domaine local peut déterminer\n"
+" - rid-base : le premier RID(*) de la plage de RID correspondante\n"
+" - secondary-rid-base : le premier RID de la plage RID secondaire\n"
+"\n"
+"et une plage d'ID d'un domaine de confiance peut déterminer\n"
+" - rid-base : le premier RID de la plage de RID correspondante\n"
+" - sid : le domaine SID du domaine de confiance\n"
+"\n"
+"\n"
+"\n"
+"EXEMPLE : Ajouter une nouvelle plage d'ID pour un domaine de confiance\n"
+"\n"
+"Étant donné qu'il peut y avoir plus d'un domaine de confiance, le SID du "
+"domaine\n"
+"doit être donné lors de la création de la plage.\n"
+"\n"
+"  ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=0 \\\n"
+"                  --dom-sid=S-1-5-21-123-456-789 trusted_dom_range\n"
+"\n"
+"Cette plage d'ID est ensuite utilisée par le serveur IPA et le fournisseur "
+"SSSD IPA pour\n"
+"assigner des UID Posix aux utilisateurs du domaine de confiance.\n"
+"\n"
+"Si par ex. une plage pour un domaine de confiance est configurée avec les "
+"valeurs suivantes :\n"
+" base-id = 1200000\n"
+" range-size = 200000\n"
+" rid-base = 0\n"
+"les RID de 0 à 199999 sont associés aux ID Posix de 1200000 à 13999999. "
+"Donc\n"
+"RID 1000 <-> Posix ID 1201000\n"
+"\n"
+"\n"
+"\n"
+"EXEMPLE: Ajouter une nouvelle plage d'ID pour le domaine local\n"
+"\n"
+"Pour créer une plage d'ID pour le domaine local il n'est pas nécessaire de "
+"définir un\n"
+"SID de domaine. Mais comme il est possible qu'un utilisateur et un groupe "
+"aient une même \n"
+"valeur comme ID Posix un second intervalle RID est nécessaire pour éviter "
+"les conflits.\n"
+"\n"
+"  ipa idrange-add --base-id=1200000 --range-size=200000 --rid-base=1000 \\\n"
+"                  --secondary-rid-base=1000000 local_range\n"
+"\n"
+"Les données des plages d'ID du domaine local sont utilisées en interne par "
+"le serveur IPA\n"
+"pour assigner des SID aux utilisateurs et aux groupes IPA. Le SID sera alors "
+"enregistré\n"
+"dans les objets utilisateur ou groupe.\n"
+"\n"
+"Si par ex. la plage d'ID du domaine local est configurée pour les valeurs "
+"de\n"
+"l'exemple ci-dessus alors un nouvel utilisateur avec l'UID 1200007 aura le "
+"RID 1007.\n"
+"Si ce RID est déjà utilié par un groupe le RID sera 1000007. Ceci ne peut "
+"arriver\n"
+"que si un objet utilisateur ou groupe a été créé avec un ID donné parce que\n"
+"l'assignation automatique n'assigne pas le même ID deux fois. Étant donné "
+"qu'il n'y a que\n"
+"les utilisateurs et les groupes partageant le même ID de nom d'espace, il "
+"suffit d'avoir\n"
+"une seule plage de recours pour gérer les conflits.\n"
+"\n"
+"Pour trouver l'ID Posix pour un RID donné dans le domaine local il faut "
+"d'abord\n"
+"vérifier si le RID tombe dans la première ou la deuxième plage de RID ;\n"
+"le rid-base ou le secondary-rid-base seront respectivement à soustraire,\n"
+"et le base-id à ajouter pour obtenir l'ID Posix.\n"
+"\n"
+"Généralement la création des plages d'ID s'effectue en arrière-plan et ce "
+"CLI\n"
+"n'a pas besoin d'être du tout utilisé. Les plages d'ID pour le domaine local "
+"seront créées\n"
+"à l'installation ou au cours de la mise à jour d'une version précédente. La "
+"plage d'ID pour un\n"
+"domaine de confiance sera créé en même temps que la confiance par 'ipa trust-"
+"add ...'.\n"
+"\n"
+"CAS PRATIQUES :\n"
+"\n"
+"  Ajouter une plage d'ID pour un domaine de confiance par transition\n"
+"\n"
+"    Si le domaine de confiance (A) fait confiance à un domaine (B) et que "
+"cette confiance\n"
+"    est transitive 'ipa trust-add domain-A' ne créera de plage que pour le "
+"domaine A.\n"
+"    La plage d'ID pour le  domaine B doit être ajoutée manuellement.\n"
+"\n"
+"  Ajouter une plage d'ID supplémentaire pour le domaine local\n"
+"\n"
+"    Si la plage d'ID du domaine local est épuisée, i.e. qu'aucun nouvel ID "
+"ne peut être\n"
+"    assigné aux utilisateurs ou groupes Posix par le greffon DNA, il faut "
+"créer une nouvelle\n"
+"    plage pour permettre l'ajout de nouveaux utilisateurs ou groupes "
+"(actuellement il n'y a\n"
+"    pas de connexion entre cette plage CLI et le greffon DNA, mais une "
+"future version\n"
+"    sera capable de modifier de même la configuration du greffon DNS).\n"
+"\n"
+"En règle générale il n'est pas nécessaire de modifier ou supprimer les "
+"plages d'ID. S'il\n"
+"n'y a pas d'autre moyen de mener à bien un configuration donnée qu'en "
+"modifiant ou supprimant\n"
+"une plage d'ID cela doit être fait avec grand soin. Comme les UID sont "
+"enregistrés dans le\n"
+"fichier système et sont utilisés pour les contrôles d'accès il se pourrait "
+"que des\n"
+"utilisateurs soit autorisés à avoir accès à des fichiers d'autres "
+"utilisateurs si une plage\n"
+"d'ID a été détruite puis réutilisée pour un domaine différent.\n"
+"\n"
+"(*) Le RID est généralement le dernier entier du SID d'un utilisateur ou "
+"d'un groupe suivant\n"
+"le SID du domaine. Ex. si le SID du domaine est S-1-5-21-123-456-789 et "
+"qu'un utilisateur de\n"
+"ce domaine a le SID S-1-5-21-123-456-789-1010, alors 010 est le RID de "
+"l'utilisateur. Les RID\n"
+"sont uniques dans un domaine, ce sont des valeurs sur 32 bits utilisées pour "
+"les utilisateurs\n"
+"et les groupes.\n"
+"\n"
+"AVERTISSEMENT :\n"
+"\n"
+"Le greffon DNA dans 389-ds alloue des ID selon les plages configurées pour "
+"le\n"
+"domaine local. Actuellement le greffon DNA *ne peut pas* être lui-même "
+"reconfiguré selon\n"
+"les plages locales définies par cette famille de commandes.\n"
+"\n"
+"Une modification manuelle de la configuration du greffon DNA doit être "
+"effectuée pour\n"
+"la nouvelle plage locale. Généralement, l'attribut dnaNextRange de "
+"« cn=Posix\n"
+"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config » doit "
+"être\n"
+"modifié pour correspondre à la nouvelle plage.\n"
+
 msgid "ID Ranges"
 msgstr "Plages d'ID"
 
@@ -4700,6 +5778,84 @@ msgstr ""
 msgid "SID is not recognized as a valid SID for a trusted domain"
 msgstr "Le SID n'est pas reconnu comme SID valide pour un domaine approuvé"
 
+msgid ""
+"\n"
+"    Add new ID range.\n"
+"\n"
+"    To add a new ID range you always have to specify\n"
+"\n"
+"        --base-id\n"
+"        --range-size\n"
+"\n"
+"    Additionally\n"
+"\n"
+"        --rid-base\n"
+"        --secondary-rid-base\n"
+"\n"
+"    may be given for a new ID range for the local domain while\n"
+"\n"
+"        --rid-base\n"
+"        --dom-sid\n"
+"\n"
+"    must be given to add a new range for a trusted AD domain.\n"
+"\n"
+"    WARNING:\n"
+"\n"
+"    DNA plugin in 389-ds will allocate IDs based on the ranges configured "
+"for the\n"
+"    local domain. Currently the DNA plugin *cannot* be reconfigured itself "
+"based\n"
+"    on the local ranges set via this family of commands.\n"
+"\n"
+"    Manual configuration change has to be done in the DNA plugin "
+"configuration for\n"
+"    the new local range. Specifically, The dnaNextRange attribute of "
+"'cn=Posix\n"
+"    IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config' has "
+"to be\n"
+"    modified to match the new range.\n"
+"    "
+msgstr ""
+"\n"
+"Ajouter une nouvelle plage d'identifiants.\n"
+"\n"
+"Pour ajouter une nouvelle plage d'identifiants vous devez toujours préciser\n"
+"\n"
+"--base-id\n"
+"--range-size\n"
+"\n"
+"En outre\n"
+"\n"
+"--rid-base\n"
+"--secondary-rid-base\n"
+"\n"
+"doivent être indiqués pour une nouvelle plage d'identifiants dans le domaine "
+"local alors que\n"
+"\n"
+"--rid-base\n"
+"--dom-sid\n"
+"\n"
+"doivent l'être pour ajouter une nouvelle plage pour  un domaine AD de "
+"confiance.\n"
+"\n"
+"AVERTISSEMENT&nbsp;:\n"
+"\n"
+"Le greffon DNA dans 389-ds allouera des ID suivant les plages configurées au "
+"titre du\n"
+"domaine local. Actuellement le greffon DNA *ne peut pas* être lui-même "
+"reconfiguré selon\n"
+"les plages locales définies par l'intermédiaire de cette famille de "
+"commandes.\n"
+"\n"
+"Un changement manuel de configuration doit être opéré dans la configuration "
+"du greffon DNA pour\n"
+"la nouvelle plage locale. En particulier, l'attribut dnaNextRange de "
+"« cn=Posix\n"
+"IDs,cn=Distributed Numeric Assignment Plugin,cn=plugins,cn=config » doivent "
+"être modifiés\n"
+"pour correspondre à cette nouvelle plage.\n"
+"    "
+
 #, python-format
 msgid "Added ID range \"%(value)s\""
 msgstr "Plage d'ID « %(value)s » ajoutée"
@@ -6098,6 +7254,227 @@ msgstr "Afficher la politique de ticket Kerberos."
 msgid "Reset Kerberos ticket policy to the default values."
 msgstr "Réinitialiser la politique de ticket Kerberos."
 
+msgid ""
+"\n"
+"Migration to IPA\n"
+"\n"
+"Migrate users and groups from an LDAP server to IPA.\n"
+"\n"
+"This performs an LDAP query against the remote server searching for\n"
+"users and groups in a container. In order to migrate passwords you need\n"
+"to bind as a user that can read the userPassword attribute on the remote\n"
+"server. This is generally restricted to high-level admins such as\n"
+"cn=Directory Manager in 389-ds (this is the default bind user).\n"
+"\n"
+"The default user container is ou=People.\n"
+"\n"
+"The default group container is ou=Groups.\n"
+"\n"
+"Users and groups that already exist on the IPA server are skipped.\n"
+"\n"
+"Two LDAP schemas define how group members are stored: RFC2307 and\n"
+"RFC2307bis. RFC2307bis uses member and uniquemember to specify group\n"
+"members, RFC2307 uses memberUid. The default schema is RFC2307bis.\n"
+"\n"
+"The schema compat feature allows IPA to reformat data for systems that\n"
+"do not support RFC2307bis. It is recommended that this feature is disabled\n"
+"during migration to reduce system overhead. It can be re-enabled after\n"
+"migration. To migrate with it enabled use the \"--with-compat\" option.\n"
+"\n"
+"Migrated users do not have Kerberos credentials, they have only their\n"
+"LDAP password. To complete the migration process, users need to go\n"
+"to http://ipa.example.com/ipa/migration and authenticate using their\n"
+"LDAP password in order to generate their Kerberos credentials.\n"
+"\n"
+"Migration is disabled by default. Use the command ipa config-mod to\n"
+"enable it:\n"
+"\n"
+" ipa config-mod --enable-migration=TRUE\n"
+"\n"
+"If a base DN is not provided with --basedn then IPA will use either\n"
+"the value of defaultNamingContext if it is set or the first value\n"
+"in namingContexts set in the root of the remote LDAP server.\n"
+"\n"
+"Users are added as members to the default user group. This can be a\n"
+"time-intensive task so during migration this is done in a batch\n"
+"mode for every 100 users. As a result there will be a window in which\n"
+"users will be added to IPA but will not be members of the default\n"
+"user group.\n"
+"\n"
+"EXAMPLES:\n"
+"\n"
+" The simplest migration, accepting all defaults:\n"
+"   ipa migrate-ds ldap://ds.example.com:389\n"
+"\n"
+" Specify the user and group container. This can be used to migrate user\n"
+" and group data from an IPA v1 server:\n"
+"   ipa migrate-ds --user-container='cn=users,cn=accounts' \\\n"
+"       --group-container='cn=groups,cn=accounts' \\\n"
+"       ldap://ds.example.com:389\n"
+"\n"
+" Since IPA v2 server already contain predefined groups that may collide "
+"with\n"
+" groups in migrated (IPA v1) server (for example admins, ipausers), users\n"
+" having colliding group as their primary group may happen to belong to\n"
+" an unknown group on new IPA v2 server.\n"
+" Use --group-overwrite-gid option to overwrite GID of already existing "
+"groups\n"
+" to prevent this issue:\n"
+"    ipa migrate-ds --group-overwrite-gid \\\n"
+"        --user-container='cn=users,cn=accounts' \\\n"
+"        --group-container='cn=groups,cn=accounts' \\\n"
+"        ldap://ds.example.com:389\n"
+"\n"
+" Migrated users or groups may have object class and accompanied attributes\n"
+" unknown to the IPA v2 server. These object classes and attributes may be\n"
+" left out of the migration process:\n"
+"    ipa migrate-ds --user-container='cn=users,cn=accounts' \\\n"
+"       --group-container='cn=groups,cn=accounts' \\\n"
+"       --user-ignore-objectclass=radiusprofile \\\n"
+"       --user-ignore-attribute=radiusgroupname \\\n"
+"       ldap://ds.example.com:389\n"
+"\n"
+"LOGGING\n"
+"\n"
+"Migration will log warnings and errors to the Apache error log. This\n"
+"file should be evaluated post-migration to correct or investigate any\n"
+"issues that were discovered.\n"
+"\n"
+"For every 100 users migrated an info-level message will be displayed to\n"
+"give the current progress and duration to make it possible to track\n"
+"the progress of migration.\n"
+"\n"
+"If the log level is debug, either by setting debug = True in\n"
+"/etc/ipa/default.conf or /etc/ipa/server.conf, then an entry will be "
+"printed\n"
+"for each user added plus a summary when the default user group is\n"
+"updated.\n"
+msgstr ""
+"\n"
+"Migration vers IPA\n"
+"\n"
+"Faire migrer des utilisateurs et des groupes d'un serveur LDAP vers IPA.\n"
+"\n"
+"Ceci réalise une requête LDAP sur le serveur distant pour rechercher\n"
+"utilisateurs et groupes dans un conteneur. Pour faire migrer les mots de "
+"passe, vous devez\n"
+"vous connecter en tant qu'utilisateur capable de lire l'attribut "
+"userPassword sur le serveur\n"
+"distant. La chose est généralement réservée aux administrateurs de haut "
+"niveau comme le\n"
+"cn=Directory Manager dans 389-ds (utilisateur de la connexion par défaut).\n"
+"\n"
+"Par défaut, le conteneur utilisateur est ou=People.\n"
+"\n"
+"Par défaut, le conteneur groupe est ou=Groups.\n"
+"\n"
+"Utilisateurs et groupes préexistants sur le serveur IPA sont laissés de "
+"côté.\n"
+"\n"
+"Deux schémas LDAP définissent comment les membres du groupe sont "
+"enregistrés : RFC2307 et\n"
+"RFC2307bis. RFC2307bis utilise member et uniquemember pour définir les "
+"membres du groupe,\n"
+"RFC2307 utilise memberUid. Le schéma par défaut est RFC2307bis.\n"
+"\n"
+"La fonctionnalité du schéma compat autorise IPA à formater à nouveau les "
+"données pour les\n"
+"systèmes ne prenant pas en charge RFC2307bis. Il est recommandé de "
+"désactiver cette fonction\n"
+"pendant la migration pour éviter des dépassements de capacité. Vous la "
+"réactiverez après\n"
+"migration. Pour faire la migration avec la fonction activée,utilisez "
+"l'option \"--with-compat\".\n"
+"\n"
+"Les utilisateurs émigrés n'ont pas de références Kerberos, ils n'ont que "
+"leur mot de passe\n"
+"LDAP. Pour achever le processus de migration, les utilisateurs doivent aller "
+"à la page\n"
+"http://ipa.example.com/ipa/migration et s'authentifier en utilisant leur mot "
+"de passe\n"
+"LDAP pour générer leur justificatif d'identité Kerberos.\n"
+"\n"
+"Par défaut, la migration est désactivée. Utilisez la commande ipa config-mod "
+"pour\n"
+"l'activer :\n"
+"\n"
+" ipa config-mod --enable-migration=TRUE\n"
+"\n"
+"Si un DN de base n'est pas indiqué avec --basedn, IPA utilise alors, soit\n"
+"la valeur de defaultNamingContext si elle est définie, soit la première "
+"valeur fixée\n"
+"dans namingContexts dans la racine du serveur LDAP distant.\n"
+"\n"
+"Les utilisateurs sont ajoutés comme membres du groupe utilisateur par "
+"défaut. Cela peut être\n"
+"une tâche consommatrice de temps, ainsi pendant la migration cela se fait en "
+"mode batch\n"
+"tous les 100 utilisateurs. Il en résulte une fenêtre dans laquelle les "
+"utilisateurs sont\n"
+"ajoutés à IPA mais sans être des membres du groupe d'utilisateurs par "
+"défaut.\n"
+"\n"
+"\n"
+"EXEMPLES :\n"
+"\n"
+" La migration la plus simple, acceptant tous les paramètres par défaut :\n"
+"   ipa migrate-ds ldap://ds.example.com:389\n"
+"\n"
+" En précisant le conteneur utilisateur et groupe. S'utilise pour migrer les "
+"données\n"
+" utilisateur et groupe d'un serveur IPA v1 :\n"
+"   ipa migrate-ds --user-container='cn=users,cn=accounts' \\\n"
+"       --group-container='cn=groups,cn=accounts' \\\n"
+"       ldap://ds.example.com:389\n"
+"\n"
+" Comme un serveur IPA v2 comporte déjà des groupes prédéfinis pouvant entrer "
+"en conflit avec\n"
+" des groupes du serveur IPA v1) migré (par exemple admins, ipausers), des "
+"utilisateurs avec\n"
+" un groupe conflictuel comme groupe principal peuvent se voir rattachés à un "
+"groupe inconnu\n"
+" sur le nouveau serveur IPA v2.\n"
+" Utilisez l'option --group-overwrite-gid pour écraser le GID des groupes "
+"préexistants\n"
+" afin d'éviter ce problème :\n"
+"    ipa migrate-ds --group-overwrite-gid \\\n"
+"        --user-container='cn=users,cn=accounts' \\\n"
+"        --group-container='cn=groups,cn=accounts' \\\n"
+"        ldap://ds.example.com:389\n"
+"\n"
+" Des utilisateurs ou des groupes migrés peuvent posséder des classes d'objet "
+"et des attributs\n"
+" accompagnants inconnus du serveur IPA v2. Ces classes d'objets et attributs "
+"doivent être\n"
+" tenus hors du processus de migration :\n"
+"    ipa migrate-ds --user-container='cn=users,cn=accounts' \\\n"
+"       --group-container='cn=groups,cn=accounts' \\\n"
+"       --user-ignore-objectclass=radiusprofile \\\n"
+"       --user-ignore-attribute=radiusgroupname \\\n"
+"       ldap://ds.example.com:389\n"
+"\n"
+"JOURNALISATION\n"
+"\n"
+"La migration déclenchera des avertissements et des erreurs sur le journal "
+"d'erreurs Apache.\n"
+"Ce fichier devra être examiné après la migration pour corriger ou enquêter "
+"sur tout problème\n"
+"qui apparaîtrait.\n"
+"\n"
+"Tous les 100 utilisateurs migrés un message de niveau info est affiché "
+"indiquant\n"
+"l'avancement en cours et la durée écoulée pour permettre un suivi du "
+"processus\n"
+"de progression de la migration.\n"
+"\n"
+"Si le niveau de journalisation est debug, soit en définissant debug = True "
+"dans\n"
+"/etc/ipa/default.conf ou /etc/ipa/server.conf, alors une entrée sera "
+"affichée\n"
+"pour chaque utilisateur plus un résumé quand le groupe utilisateur par "
+"défaut\n"
+"est mis à jour.\n"
+
 #, python-format
 msgid ""
 "Kerberos principal %s already exists. Use 'ipa user-mod' to set it manually."
@@ -7133,6 +8510,47 @@ msgstr "Afficher la politique effective sur un utilisateur spécifique"
 msgid "Search for group password policies."
 msgstr "Rechercher des politiques de mot de passe de groupe."
 
+msgid ""
+"\n"
+"Realm domains\n"
+"\n"
+"Manage the list of domains associated with IPA realm.\n"
+"\n"
+"EXAMPLES:\n"
+"\n"
+" Display the current list of realm domains:\n"
+"   ipa realmdomains-show\n"
+"\n"
+" Replace the list of realm domains:\n"
+"   ipa realmdomains-mod --domain=example.com\n"
+"   ipa realmdomains-mod --domain={example1.com,example2.com,example3.com}\n"
+"\n"
+" Add a domain to the list of realm domains:\n"
+"   ipa realmdomains-mod --add-domain=newdomain.com\n"
+"\n"
+" Delete a domain from the list of realm domains:\n"
+"   ipa realmdomains-mod --del-domain=olddomain.com\n"
+msgstr ""
+"\n"
+"Domaines du royaume\n"
+"\n"
+"Gérer la liste des domaines associés au royaume IPA.\n"
+"\n"
+"EXEMPLES:\n"
+"\n"
+" Afficher la liste actuelle des domaines du royaume :\n"
+"   ipa realmdomains-show\n"
+"\n"
+" Remplacer la liste des domaines du royaume :\n"
+"   ipa realmdomains-mod --domain=example.com\n"
+"   ipa realmdomains-mod --domain={example1.com,example2.com,example3.com}\n"
+"\n"
+" Ajouter un domaine à la liste des domaines du royaume :\n"
+"   ipa realmdomains-mod --add-domain=newdomain.com\n"
+"\n"
+" Supprimer un domaine de la liste des domaines du royaume :\n"
+"   ipa realmdomains-mod --del-domain=olddomain.com\n"
+
 msgid "Realm domains"
 msgstr "Domaines"
 
@@ -7657,6 +9075,139 @@ msgstr ""
 "Supprimer des systèmes et groupes de systèmes cibles d'une règle de "
 "correspondance d'utilisateurs SELinux"
 
+msgid ""
+"\n"
+"Services\n"
+"\n"
+"A IPA service represents a service that runs on a host. The IPA service\n"
+"record can store a Kerberos principal, an SSL certificate, or both.\n"
+"\n"
+"An IPA service can be managed directly from a machine, provided that\n"
+"machine has been given the correct permission. This is true even for\n"
+"machines other than the one the service is associated with. For example,\n"
+"requesting an SSL certificate using the host service principal credentials\n"
+"of the host. To manage a service using host credentials you need to\n"
+"kinit as the host:\n"
+"\n"
+" # kinit -kt /etc/krb5.keytab host/ipa.example.com@EXAMPLE.COM\n"
+"\n"
+"Adding an IPA service allows the associated service to request an SSL\n"
+"certificate or keytab, but this is performed as a separate step; they\n"
+"are not produced as a result of adding the service.\n"
+"\n"
+"Only the public aspect of a certificate is stored in a service record;\n"
+"the private key is not stored.\n"
+"\n"
+"EXAMPLES:\n"
+"\n"
+" Add a new IPA service:\n"
+"   ipa service-add HTTP/web.example.com\n"
+"\n"
+" Allow a host to manage an IPA service certificate:\n"
+"   ipa service-add-host --hosts=web.example.com HTTP/web.example.com\n"
+"   ipa role-add-member --hosts=web.example.com certadmin\n"
+"\n"
+" Override a default list of supported PAC types for the service:\n"
+"   ipa service-mod HTTP/web.example.com --pac-type=MS-PAC\n"
+"\n"
+"   A typical use case where overriding the PAC type is needed is NFS.\n"
+"   Currently the related code in the Linux kernel can only handle Kerberos\n"
+"   tickets up to a maximal size. Since the PAC data can become quite large "
+"it\n"
+"   is recommended to set --pac-type=NONE for NFS services.\n"
+"\n"
+" Delete an IPA service:\n"
+"   ipa service-del HTTP/web.example.com\n"
+"\n"
+" Find all IPA services associated with a host:\n"
+"   ipa service-find web.example.com\n"
+"\n"
+" Find all HTTP services:\n"
+"   ipa service-find HTTP\n"
+"\n"
+" Disable the service Kerberos key and SSL certificate:\n"
+"   ipa service-disable HTTP/web.example.com\n"
+"\n"
+" Request a certificate for an IPA service:\n"
+"   ipa cert-request --principal=HTTP/web.example.com example.csr\n"
+"\n"
+" Generate and retrieve a keytab for an IPA service:\n"
+"   ipa-getkeytab -s ipa.example.com -p HTTP/web.example.com -k /etc/httpd/"
+"httpd.keytab\n"
+"\n"
+msgstr ""
+"\n"
+"Services\n"
+"\n"
+"Un service IPA est un service qui s'exécute sur un hôte. L'enregistrement du "
+"service IPA\n"
+"peut comporter un principal Kerberos, un certificat SSL ou les deux.\n"
+"\n"
+"Un service IPA peut être directement géré à partir d'une machine, pour "
+"autant que des\n"
+"autorisations d'accès correctes aient été fournies à la machine. Ceci est "
+"vrai même pour\n"
+"les machines autres que celle à laquelle le service est associé. Par "
+"exemple,\n"
+"demander un certificat SSL en utilisant les justificatifs d'identité du "
+"principal du service\n"
+"hôte de l'hôte. Pour gérer un service en utilisant les références de l'hôte, "
+"vous devrez\n"
+"exécuter kinit en tant qu'hôte :\n"
+"\n"
+" # kinit -kt /etc/krb5.keytab host/ipa.example.com@EXAMPLE.COM\n"
+"\n"
+"Ajouter un service IPA permet au service associé de demander un certificat "
+"SSL ou\n"
+"un tableau de clés, mais cela est réalisé dans une étape distincte ; cela "
+"n'est pas\n"
+"le résultat de l'ajout du service.\n"
+"\n"
+"Seule la composante publique du certificat est stockée dans un "
+"enregistrement de service ;\n"
+"la clé privée n'y est pas mise.\n"
+"\n"
+"EXEMPLES:\n"
+"\n"
+" Ajouter un nouveau service IPA :\n"
+"   ipa service-add HTTP/web.example.com\n"
+"\n"
+" Autoriser un hôte à gérer un certificat de service IPA :\n"
+"   ipa service-add-host --hosts=web.example.com HTTP/web.example.com\n"
+"   ipa role-add-member --hosts=web.example.com certadmin\n"
+"\n"
+" Écraser la liste par défaut des types PAC pris en charge par le service :\n"
+"   ipa service-mod HTTP/web.example.com --pac-type=MS-PAC\n"
+"\n"
+"   Un cas classique de l'utilisation de l'écrasement du type PAC est "
+"nécessaire avec NFS.\n"
+"   Actuellement le code relatif à cette fonction dans le noyau Linux ne gère "
+"les tickets\n"
+"   Kerberos que jusqu'à une taille maximale donnée. Comme les données PAC "
+"peuvent devenir\n"
+"   bien plus grandes, il est recommandé de fixer --pac-type=NONE pour les "
+"services NFS.\n"
+"\n"
+" Supprimer un service IPA :\n"
+"   ipa service-del HTTP/web.example.com\n"
+"\n"
+" Trouver tous les services IPA associés à un hôte :\n"
+"   ipa service-find web.example.com\n"
+"\n"
+" Trouver tous les service HTTP :\n"
+"   ipa service-find HTTP\n"
+"\n"
+" Désactiver la clé du service Kerberos key et le certificat SSL :\n"
+"   ipa service-disable HTTP/web.example.com\n"
+"\n"
+" Réclamer un certificat pour un service IPA :\n"
+"   ipa cert-request --principal=HTTP/web.example.com example.csr\n"
+"\n"
+" Générer et retrouver un tableau de clés pour un service IPA :\n"
+"   ipa-getkeytab -s ipa.example.com -p HTTP/web.example.com -k /etc/httpd/"
+"httpd.keytab\n"
+"\n"
+
 msgid "Requires pre-authentication"
 msgstr "Nécessite une pré-authentification"
 
@@ -7935,6 +9486,82 @@ msgstr "Ajouter des membres à un groupe de commandes Sudo."
 msgid "Remove members from Sudo Command Group."
 msgstr "Supprimer des membres d'un groupe de commandes Sudo."
 
+msgid ""
+"\n"
+"Sudo Rules\n"
+"\n"
+"Sudo (su \"do\") allows a system administrator to delegate authority to\n"
+"give certain users (or groups of users) the ability to run some (or all)\n"
+"commands as root or another user while providing an audit trail of the\n"
+"commands and their arguments.\n"
+"\n"
+"FreeIPA provides a means to configure the various aspects of Sudo:\n"
+"   Users: The user(s)/group(s) allowed to invoke Sudo.\n"
+"   Hosts: The host(s)/hostgroup(s) which the user is allowed to to invoke "
+"Sudo.\n"
+"   Allow Command: The specific command(s) permitted to be run via Sudo.\n"
+"   Deny Command: The specific command(s) prohibited to be run via Sudo.\n"
+"   RunAsUser: The user(s) or group(s) of users whose rights Sudo will be "
+"invoked with.\n"
+"   RunAsGroup: The group(s) whose gid rights Sudo will be invoked with.\n"
+"   Options: The various Sudoers Options that can modify Sudo's behavior.\n"
+"\n"
+"An order can be added to a sudorule to control the order in which they\n"
+"are evaluated (if the client supports it). This order is an integer and\n"
+"must be unique.\n"
+"\n"
+"FreeIPA provides a designated binddn to use with Sudo located at:\n"
+"uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n"
+"\n"
+"To enable the binddn run the following command to set the password:\n"
+"LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipa.example.com -"
+"ZZ -D \"cn=Directory Manager\" uid=sudo,cn=sysaccounts,cn=etc,dc=example,"
+"dc=com\n"
+"\n"
+"For more information, see the FreeIPA Documentation to Sudo.\n"
+msgstr ""
+"\n"
+"Règles Sudo\n"
+"\n"
+"Sudo (su « do ») permet à un administrateur système de donner l'autorisation "
+"à certains\n"
+"utilisateurs (ou groupes d'utilisateurs) d'exécuter certaines (ou toute)\n"
+"commandes en tant qu'utilisateur root ou autre, tout en fournissant une "
+"piste de vérification\n"
+"des commandes et de leurs arguments.\n"
+"\n"
+"FreeIPA donne des possibilités de configurer divers aspects de Sudo :\n"
+"   Users : les utilisateurs ou groupes autorisés à faire appel à Sudo.\n"
+"   Hosts : les hôtes ou groupes d'hôtes sur lesquels l'utilisateur peut "
+"faire appel à Sudo.\n"
+"   Allow Command : les commandes précises pouvant être lancées via Sudo.\n"
+"   Deny Command : les commandes précises ne pouvant pas être lancées via "
+"Sudo.\n"
+"   RunAsUser : utilisateurs ou groupes ayant des droits Sudo avec lesquels "
+"il sera fait appel.\n"
+"   RunAsGroup : les groupes dont le gid permet de faire appel avec certains "
+"droits Sudo.\n"
+"   Options : les diverses options Sudoers susceptibles de modifier le "
+"comportement de Sudo.\n"
+"\n"
+"Un numéro d'ordre peut être ajouté à des règles Sudo pour contrôler l'ordre "
+"dans lequel\n"
+"elles sont évaluées (si le client la prend en charge). Ce numéro d'ordre est "
+"un entier et\n"
+"doit être unique.\n"
+"\n"
+"FreeIPA met à disposition un binddn conçu pour être utilisé avec Sudo situé "
+"à :\n"
+"uid=sudo,cn=sysaccounts,cn=etc,dc=example,dc=com\n"
+"\n"
+"Pour activer binddn, exécutez la commande ci-après pour définir le mot de "
+"passe :\n"
+"LDAPTLS_CACERT=/etc/ipa/ca.crt /usr/bin/ldappasswd -S -W -h ipa.example.com -"
+"ZZ -D \"cn=Directory Manager\" uid=sudo,cn=sysaccounts,cn=etc,dc=example,"
+"dc=com\n"
+"\n"
+"Pour plus d'informations, voyez la documentation FreeIPA de Sudo.\n"
+
 msgid "Commands for controlling sudo configuration"
 msgstr "Commandes pour le contrôle d'une configuration sudo"
 
@@ -8174,6 +9801,214 @@ msgstr "Retirer une option d'une règle Sudo."
 msgid "Removed option \"%(option)s\" from Sudo Rule \"%(rule)s\""
 msgstr "Option \"%(option)s\" supprimée de la règle Sudo \"%(rule)s\""
 
+msgid ""
+"\n"
+"Cross-realm trusts\n"
+"\n"
+"Manage trust relationship between IPA and Active Directory domains.\n"
+"\n"
+"In order to allow users from a remote domain to access resources in IPA\n"
+"domain, trust relationship needs to be established. Currently IPA supports\n"
+"only trusts between IPA and Active Directory domains under control of "
+"Windows\n"
+"Server 2008 or later, with functional level 2008 or later.\n"
+"\n"
+"Please note that DNS on both IPA and Active Directory domain sides should "
+"be\n"
+"configured properly to discover each other. Trust relationship relies on\n"
+"ability to discover special resources in the other domain via DNS records.\n"
+"\n"
+"Examples:\n"
+"\n"
+"1. Establish cross-realm trust with Active Directory using AD administrator\n"
+"   credentials:\n"
+"\n"
+"   ipa trust-add --type=ad <ad.domain> --admin <AD domain administrator> --"
+"password\n"
+"\n"
+"2. List all existing trust relationships:\n"
+"\n"
+"   ipa trust-find\n"
+"\n"
+"3. Show details of the specific trust relationship:\n"
+"\n"
+"   ipa trust-show <ad.domain>\n"
+"\n"
+"4. Delete existing trust relationship:\n"
+"\n"
+"   ipa trust-del <ad.domain>\n"
+"\n"
+"Once trust relationship is established, remote users will need to be mapped\n"
+"to local POSIX groups in order to actually use IPA resources. The mapping "
+"should\n"
+"be done via use of external membership of non-POSIX group and then this "
+"group\n"
+"should be included into one of local POSIX groups.\n"
+"\n"
+"Example:\n"
+"\n"
+"1. Create group for the trusted domain admins' mapping and their local POSIX "
+"group:\n"
+"\n"
+"   ipa group-add --desc='<ad.domain> admins external map' ad_admins_external "
+"--external\n"
+"   ipa group-add --desc='<ad.domain> admins' ad_admins\n"
+"\n"
+"2. Add security identifier of Domain Admins of the <ad.domain> to the "
+"ad_admins_external\n"
+"   group:\n"
+"\n"
+"   ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n"
+"\n"
+"3. Allow members of ad_admins_external group to be associated with ad_admins "
+"POSIX group:\n"
+"\n"
+"   ipa group-add-member ad_admins --groups ad_admins_external\n"
+"\n"
+"4. List members of external members of ad_admins_external group to see their "
+"SIDs:\n"
+"\n"
+"   ipa group-show ad_admins_external\n"
+"\n"
+"\n"
+"GLOBAL TRUST CONFIGURATION\n"
+"\n"
+"When IPA AD trust subpackage is installed and ipa-adtrust-install is run,\n"
+"a local domain configuration (SID, GUID, NetBIOS name) is generated. These\n"
+"identifiers are then used when communicating with a trusted domain of the\n"
+"particular type.\n"
+"\n"
+"1. Show global trust configuration for Active Directory type of trusts:\n"
+"\n"
+"   ipa trustconfig-show --type ad\n"
+"\n"
+"2. Modify global configuration for all trusts of Active Directory type and "
+"set\n"
+"   a different fallback primary group (fallback primary group GID is used "
+"as\n"
+"   a primary user GID if user authenticating to IPA domain does not have any "
+"other\n"
+"   primary GID already set):\n"
+"\n"
+"   ipa trustconfig-mod --type ad --fallback-primary-group \"alternative AD "
+"group\"\n"
+"\n"
+"3. Change primary fallback group back to default hidden group (any group "
+"with\n"
+"   posixGroup object class is allowed):\n"
+"\n"
+"   ipa trustconfig-mod --type ad --fallback-primary-group \"Default SMB Group"
+"\"\n"
+msgstr ""
+"\n"
+"Confiance croisée entre royaumes\n"
+"\n"
+"Gérer les relations de confiance entre les domaines IPA et Active "
+"Directory.\n"
+"\n"
+"Pour permettre aux utilisateurs d'un domaine distant l'accès aux ressources "
+"d'un domaine IPA,\n"
+"des relations de confiance doivent être établies. Actuellement IPA ne prend "
+"en charge que\n"
+"la confiance entre des domaines IPA et Active Directory sous le contrôle de "
+"Windows\n"
+"Server 2008 ou ultérieur, avec le niveau fonctionnel 2008 ou ultérieur.\n"
+"\n"
+"Veuillez noter que DNS doit être correctement configuré à la fois côté "
+"domaine IPA et côté\n"
+"Active Directory pour une découverte mutuelle. La relation de confiance "
+"repose sur la capacité\n"
+"à repérer des ressources spéciales dans l'autre domaine via des "
+"enregistrements DNS.\n"
+"\n"
+"Exemples :\n"
+"\n"
+"1. Établir des relations de confiance croisées entre royaume avec Active "
+"Directory avec les\n"
+"autorisations d'accès de l'administrateur AD :\n"
+"\n"
+"   ipa trust-add --type=ad <ad.domain> --admin <AD domain administrator> --"
+"password\n"
+"\n"
+"2. Lister toutes les relations de confiance existantes :\n"
+"\n"
+"   ipa trust-find\n"
+"\n"
+"3. Voir les détails d'une relation de confiance donnée :\n"
+"\n"
+"   ipa trust-show <ad.domain>\n"
+"\n"
+"4. Supprimer une relation de confiance existante :\n"
+"\n"
+"   ipa trust-del <ad.domain>\n"
+"\n"
+"Une fois la relation de confiance établie, les utilisateurs distants doivent "
+"être mis en\n"
+"relation avec des groupes POSIX locaux pour utiliser réellement des "
+"ressources IPA. La\n"
+"relation doit se faire via l'appartenance à un groupe non-POSIX externe, "
+"puis ce groupe\n"
+"doit être intégré dans un des groupes POSIX locaux.\n"
+"\n"
+"Exemple :\n"
+"\n"
+"1. Créer un groupe pour la mise en relation avec le domaine de confiance "
+"admins et leur\n"
+"   groupe POSIX local :\n"
+"\n"
+"   ipa group-add --desc='<ad.domain> admins external map' ad_admins_external "
+"--external\n"
+"   ipa group-add --desc='<ad.domain> admins' ad_admins\n"
+"\n"
+"2. Ajouter un identifiant de sécurité de <ad.domain> de Domain Admins au "
+"groupe\n"
+"   externe ad_admins :\n"
+"\n"
+"   ipa group-add-member ad_admins_external --external 'AD\\Domain Admins'\n"
+"\n"
+"3. Associer des membres du groupe ad_admins_external avec le groupe POSIX "
+"ad_admins :\n"
+"\n"
+"   ipa group-add-member ad_admins --groups ad_admins_external\n"
+"\n"
+"4. Lister les membrer externes du groupe externe ad_admins_external pour "
+"voir leur SID :\n"
+"\n"
+"   ipa group-show ad_admins_external\n"
+"\n"
+"\n"
+"CONFIGURATION D'UNE CONFIANCE GLOBALE\n"
+"\n"
+"Quand le sous-paquet IPA AD trust est installé et ipa-adtrust-install est "
+"exécuté,\n"
+"une configuration de domaine local (SID, GUID, nom NetBIOS) est créée. Ces "
+"identifiants\n"
+"sont alors utilisés lors de communications avec un domaine de confiance\n"
+"de type particulier.\n"
+"\n"
+"1. Afficher la configuration de confiance globale pour les types de "
+"confiance Active Directory :\n"
+"\n"
+"   ipa trustconfig-show --type ad\n"
+"\n"
+"2. Modifier la configuration globale de toutes les confiances de type Active "
+"Directory et\n"
+"   définir un groupe principal de recours (le GID du groupe principal de "
+"recours est utilisé\n"
+"   comme GID d'utilisateur pricipal si l'utilisateur s'authentifiant auprès "
+"du domaine IPA\n"
+"   n'a pas d'autre GID principal déjà défini) :\n"
+"\n"
+"   ipa trustconfig-mod --type ad --fallback-primary-group \"alternative AD "
+"group\"\n"
+"\n"
+"3. Revenir au groupe caché par défaut comme groupe de recours principal "
+"(tout groupe de la\n"
+"   classe objet posixGroup est autorisé) :\n"
+"\n"
+"   ipa trustconfig-mod --type ad --fallback-primary-group \"Default SMB Group"
+"\"\n"
+
 msgid "Non-Active Directory domain"
 msgstr "Domaine non-Active Directory"
 
@@ -8223,6 +10058,37 @@ msgstr "liste noire de SID sortante"
 msgid "invalid SID: %(value)s"
 msgstr "SID invalide : %(value)s"
 
+msgid ""
+"\n"
+"Add new trust to use.\n"
+"\n"
+"This command establishes trust relationship to another domain\n"
+"which becomes 'trusted'. As result, users of the trusted domain\n"
+"may access resources of this domain.\n"
+"\n"
+"Only trusts to Active Directory domains are supported right now.\n"
+"\n"
+"The command can be safely run multiple times against the same domain,\n"
+"this will cause change to trust relationship credentials on both\n"
+"sides.\n"
+"    "
+msgstr ""
+"\n"
+"Ajout d'une nouvelle relation de confiance.\n"
+"\n"
+"Cette commande établit une relation de confiance avec un autre domaine\n"
+"qui ainsi devient « de confiance ». En conséquence, des utilisateurs du "
+"domaine de confiance\n"
+"peuvent avoir accès aux ressources de ce domaine.\n"
+"\n"
+"Actuellement, seules les relations de confiance avec les domaines Active "
+"Directory sont prises en charge.\n"
+"\n"
+"Cette commande peut être lancée plusieurs fois en toute sécurité à "
+"l'encontre du même domaine,\n"
+"elle modifiera les références de la relation de confiance des deux côtés.\n"
+"    "
+
 msgid "Active Directory domain administrator"
 msgstr "Administrateur du domaine Active Directory"
 
@@ -8315,6 +10181,9 @@ msgstr ""
 "déjà. La plage d'ID pour le nouveau domaine approuvé doit être créée "
 "manuellement."
 
+msgid "range type change"
+msgstr "modifier le type de plage"
+
 msgid ""
 "ID range for the trusted domain already exists, but it has a different type. "
 "Please remove the old range manually, or do not enforce type via --range-"
@@ -8758,6 +10627,64 @@ msgstr ""
 msgid "Unlocked account \"%(value)s\""
 msgstr "Compte utilisateur \"%(value)s\" déverrouillé"
 
+msgid ""
+"\n"
+"    Lockout status of a user account\n"
+"\n"
+"    An account may become locked if the password is entered incorrectly too\n"
+"    many times within a specific time period as controlled by password\n"
+"    policy. A locked account is a temporary condition and may be unlocked "
+"by\n"
+"    an administrator.\n"
+"\n"
+"    This connects to each IPA master and displays the lockout status on\n"
+"    each one.\n"
+"\n"
+"    To determine whether an account is locked on a given server you need\n"
+"    to compare the number of failed logins and the time of the last "
+"failure.\n"
+"    For an account to be locked it must exceed the maxfail failures within\n"
+"    the failinterval duration as specified in the password policy "
+"associated\n"
+"    with the user.\n"
+"\n"
+"    The failed login counter is modified only when a user attempts a log in\n"
+"    so it is possible that an account may appear locked but the last failed\n"
+"    login attempt is older than the lockouttime of the password policy. "
+"This\n"
+"    means that the user may attempt a login again. "
+msgstr ""
+"\n"
+"    Verrouillage de l'état d'un compte utilisateur\n"
+"\n"
+"    Un compte peut être verrouillé si un mot de passe incorrect est entre à "
+"plusieurs\n"
+"    reprises pendant une période de temps donnée selon la règle de contrôle "
+"des mots de\n"
+"    passe. Le verrouillage du compte est un état temporaire ; le compte peut "
+"être\n"
+"    déverrouillé par un administrateur.\n"
+"\n"
+"    Ce dernier se connecte sur l'IPA maître et affiche l'état verrouillé de\n"
+"    chacun.\n"
+"\n"
+"    Pour savoir si un compte est verrouillé sur un serveur donné, vous "
+"devez\n"
+"    comparer le nombre d'échecs de connexion et l'heure du dernier échec.\n"
+"    Pour qu'un compte soit verrouillé, le nombre d'échecs doit dépasser le "
+"maximum\n"
+"    autorisé dans le délai voulu tel que défini dans la règle pour le mot de "
+"passe\n"
+"    correspondant à l'utilisateur.\n"
+"\n"
+"    Le compteur d'échecs de connexion n'est modifié que lorsqu'un "
+"utilisateur tente une\n"
+"    connexion, il est donc possible qu'un compte apparaisse bloqué mais que "
+"la dernière\n"
+"    tentative de connexion soit antérieure à la durée de verrouillage de la "
+"règle. Cela\n"
+"    signifie que l'utilisateur peut tenter de connecter à nouveau."
+
 #, python-format
 msgid "%(host)s failed: %(error)s"
 msgstr "%(host)s en échec : %(error)s"
@@ -9436,7 +11363,7 @@ msgid "Hostname of this server"
 msgstr "Nom de système de ce serveur"
 
 msgid "hostname"
-msgstr "non de système"
+msgstr "nom de système"
 
 msgid "IPA Server to use"
 msgstr "Serveur IPA à utiliser"
@@ -9527,7 +11454,7 @@ msgstr "Échec lors de l'ouverture de la keytab « %1$s » : %2$s\n"
 
 #, c-format
 msgid "Closing keytab failed\n"
-msgstr "La fermeture du keytab a échoué\n"
+msgstr "La fermeture du tableau des clés a échoué\n"
 
 #, c-format
 msgid "krb5_kt_close %1$d: %2$s\n"
diff --git a/install/po/id.po b/install/po/id.po
index 2d97536909453f188c46e5021d0e19524532a8be..61c47a64f3085457925b183dccc6b6ef4f1186de 100644
--- a/install/po/id.po
+++ b/install/po/id.po
@@ -8,16 +8,16 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: FreeIPA\n"
-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
-"newticket\n"
+"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
+"product=freeIPA\n"
 "POT-Creation-Date: 2013-08-01 16:02+0200\n"
 "PO-Revision-Date: 2013-08-01 14:06+0000\n"
 "Last-Translator: Petr Viktorin <encukou@gmail.com>\n"
 "Language-Team: Indonesian <trans-id@lists.fedoraproject.org>\n"
-"Language: id\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
+"Language: id\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
 
 #, python-format
diff --git a/install/po/ipa.pot b/install/po/ipa.pot
index ded39abf0101810e252582492e17ac3608554efb..12f7863bc8f6e2f3d22b950f9a4e67319f17e5cb 100644
--- a/install/po/ipa.pot
+++ b/install/po/ipa.pot
@@ -9,7 +9,7 @@ msgstr ""
 "Project-Id-Version: ipa\n"
 "Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
 "newticket\n"
-"POT-Creation-Date: 2013-08-01 16:02+0200\n"
+"POT-Creation-Date: 2013-09-26 10:57+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -438,29 +438,29 @@ msgstr ""
 msgid "%(name)s certificate is not valid"
 msgstr ""
 
-#: ipalib/frontend.py:411
+#: ipalib/frontend.py:412
 msgid "Results are truncated, try a more specific search"
 msgstr ""
 
-#: ipalib/frontend.py:530
+#: ipalib/frontend.py:531
 #, python-format
 msgid "Unknown option: %(option)s"
 msgstr ""
 
-#: ipalib/frontend.py:902
+#: ipalib/frontend.py:903
 msgid ""
 "Retrieve and print all attributes from the server. Affects command output."
 msgstr ""
 
-#: ipalib/frontend.py:908
+#: ipalib/frontend.py:909
 msgid "Print entries as stored on the server. Only affects output format."
 msgstr ""
 
-#: ipalib/frontend.py:914 ipalib/plugins/batch.py:69
+#: ipalib/frontend.py:915 ipalib/plugins/batch.py:69
 msgid "Client version. Used to determine if server will accept request."
 msgstr ""
 
-#: ipalib/frontend.py:1087
+#: ipalib/frontend.py:1088
 msgid "Forward to server instead of running locally"
 msgstr ""
 
@@ -953,7 +953,7 @@ msgstr ""
 #: ipalib/plugins/automember.py:176 ipalib/plugins/automount.py:579
 #: ipalib/plugins/group.py:155 ipalib/plugins/hbacrule.py:179
 #: ipalib/plugins/hbacsvc.py:79 ipalib/plugins/hbacsvcgroup.py:73
-#: ipalib/plugins/host.py:266 ipalib/plugins/hostgroup.py:90
+#: ipalib/plugins/host.py:268 ipalib/plugins/hostgroup.py:90
 #: ipalib/plugins/netgroup.py:122 ipalib/plugins/privilege.py:73
 #: ipalib/plugins/role.py:92 ipalib/plugins/selinuxusermap.py:184
 #: ipalib/plugins/sudocmd.py:77 ipalib/plugins/sudocmdgroup.py:78
@@ -1272,7 +1272,7 @@ msgstr ""
 msgid "Automount Location"
 msgstr ""
 
-#: ipalib/plugins/automount.py:215 ipalib/plugins/host.py:276
+#: ipalib/plugins/automount.py:215 ipalib/plugins/host.py:278
 msgid "Location"
 msgstr ""
 
@@ -1554,7 +1554,7 @@ msgid "Display an automount key."
 msgstr ""
 
 #: ipalib/plugins/baseldap.py:41 ipalib/plugins/internal.py:280
-#: ipalib/plugins/internal.py:632 ipalib/plugins/migration.py:491
+#: ipalib/plugins/internal.py:633 ipalib/plugins/migration.py:491
 #: ipalib/plugins/user.py:289
 msgid "Password"
 msgstr ""
@@ -1999,40 +1999,40 @@ msgid "automatically add the principal if it doesn't exist"
 msgstr ""
 
 #: ipalib/plugins/cert.py:269 ipalib/plugins/cert.py:481
-#: ipalib/plugins/host.py:305 ipalib/plugins/internal.py:319
+#: ipalib/plugins/host.py:307 ipalib/plugins/internal.py:319
 #: ipalib/plugins/service.py:328
 msgid "Certificate"
 msgstr ""
 
 #: ipalib/plugins/cert.py:272 ipalib/plugins/cert.py:484
 #: ipalib/plugins/cert.py:638 ipalib/plugins/cert.py:639
-#: ipalib/plugins/host.py:165 ipalib/plugins/internal.py:332
+#: ipalib/plugins/host.py:167 ipalib/plugins/internal.py:332
 #: ipalib/plugins/service.py:102
 msgid "Subject"
 msgstr ""
 
 #: ipalib/plugins/cert.py:275 ipalib/plugins/cert.py:487
-#: ipalib/plugins/host.py:174 ipalib/plugins/service.py:111
+#: ipalib/plugins/host.py:176 ipalib/plugins/service.py:111
 msgid "Issuer"
 msgstr ""
 
 #: ipalib/plugins/cert.py:278 ipalib/plugins/cert.py:490
-#: ipalib/plugins/host.py:177 ipalib/plugins/service.py:114
+#: ipalib/plugins/host.py:179 ipalib/plugins/service.py:114
 msgid "Not Before"
 msgstr ""
 
 #: ipalib/plugins/cert.py:281 ipalib/plugins/cert.py:493
-#: ipalib/plugins/host.py:180 ipalib/plugins/service.py:117
+#: ipalib/plugins/host.py:182 ipalib/plugins/service.py:117
 msgid "Not After"
 msgstr ""
 
 #: ipalib/plugins/cert.py:284 ipalib/plugins/cert.py:496
-#: ipalib/plugins/host.py:183 ipalib/plugins/service.py:120
+#: ipalib/plugins/host.py:185 ipalib/plugins/service.py:120
 msgid "Fingerprint (MD5)"
 msgstr ""
 
 #: ipalib/plugins/cert.py:287 ipalib/plugins/cert.py:499
-#: ipalib/plugins/host.py:186 ipalib/plugins/service.py:123
+#: ipalib/plugins/host.py:188 ipalib/plugins/service.py:123
 msgid "Fingerprint (SHA1)"
 msgstr ""
 
@@ -2107,7 +2107,7 @@ msgstr ""
 msgid "Retrieve an existing certificate."
 msgstr ""
 
-#: ipalib/plugins/cert.py:502 ipalib/plugins/host.py:189
+#: ipalib/plugins/cert.py:502 ipalib/plugins/host.py:191
 #: ipalib/plugins/internal.py:329 ipalib/plugins/internal.py:358
 #: ipalib/plugins/service.py:126
 msgid "Revocation reason"
@@ -2206,8 +2206,8 @@ msgid "Maximum number of certs returned"
 msgstr ""
 
 #: ipalib/plugins/cert.py:713 ipalib/plugins/internal.py:366
-#: ipalib/plugins/internal.py:472 ipalib/plugins/internal.py:551
-#: ipalib/plugins/internal.py:658
+#: ipalib/plugins/internal.py:472 ipalib/plugins/internal.py:552
+#: ipalib/plugins/internal.py:659
 msgid "Status"
 msgstr ""
 
@@ -2556,7 +2556,7 @@ msgstr[1] ""
 msgid "Display information about a delegation."
 msgstr ""
 
-#: ipalib/plugins/dns.py:40
+#: ipalib/plugins/dns.py:41
 msgid ""
 "\n"
 "Domain Name System (DNS)\n"
@@ -2767,243 +2767,243 @@ msgid ""
 "   ipa dnsconfig-mod --forwarder=10.0.0.1\n"
 msgstr ""
 
-#: ipalib/plugins/dns.py:292
+#: ipalib/plugins/dns.py:293
 #, python-format
 msgid "invalid IP address version (is %(value)d, must be %(required_value)d)!"
 msgstr ""
 
-#: ipalib/plugins/dns.py:295
+#: ipalib/plugins/dns.py:296
 msgid "invalid IP address format"
 msgstr ""
 
-#: ipalib/plugins/dns.py:308
+#: ipalib/plugins/dns.py:309
 msgid "invalid IP network format"
 msgstr ""
 
-#: ipalib/plugins/dns.py:317
+#: ipalib/plugins/dns.py:318
 msgid "each ACL element must be terminated with a semicolon"
 msgstr ""
 
-#: ipalib/plugins/dns.py:334
+#: ipalib/plugins/dns.py:335
 msgid "invalid address format"
 msgstr ""
 
-#: ipalib/plugins/dns.py:378 ipalib/plugins/dns.py:421
+#: ipalib/plugins/dns.py:379 ipalib/plugins/dns.py:422
 #, python-format
 msgid "invalid domain-name: %s"
 msgstr ""
 
-#: ipalib/plugins/dns.py:407
+#: ipalib/plugins/dns.py:408
 #, python-format
 msgid "%(port)s is not a valid port"
 msgstr ""
 
-#: ipalib/plugins/dns.py:483
+#: ipalib/plugins/dns.py:484
 #, python-format
 msgid "DNS reverse zone for IP address %(addr)s not found"
 msgstr ""
 
-#: ipalib/plugins/dns.py:495
+#: ipalib/plugins/dns.py:496
 #, python-format
 msgid "DNS zone %(zone)s not found"
 msgstr ""
 
-#: ipalib/plugins/dns.py:509
+#: ipalib/plugins/dns.py:510
 #, python-format
 msgid "IP address %(ip)s is already assigned in domain %(domain)s."
 msgstr ""
 
-#: ipalib/plugins/dns.py:522
+#: ipalib/plugins/dns.py:523
 #, python-format
 msgid ""
 "Reverse record for IP address %(ip)s already exists in reverse zone %(zone)s."
 msgstr ""
 
-#: ipalib/plugins/dns.py:558
+#: ipalib/plugins/dns.py:559
 #, python-format
 msgid "%s record"
 msgstr ""
 
-#: ipalib/plugins/dns.py:560
-#, python-format
-msgid "Raw %s records"
-msgstr ""
-
 #: ipalib/plugins/dns.py:561
 #, python-format
-msgid "%s Record"
+msgid "Raw %s records"
 msgstr ""
 
 #: ipalib/plugins/dns.py:562
 #, python-format
+msgid "%s Record"
+msgstr ""
+
+#: ipalib/plugins/dns.py:563
+#, python-format
 msgid "(see RFC %s for details)"
 msgstr ""
 
-#: ipalib/plugins/dns.py:618
+#: ipalib/plugins/dns.py:619
 #, python-format
 msgid "'%s' is a required part of DNS record"
 msgstr ""
 
-#: ipalib/plugins/dns.py:625
+#: ipalib/plugins/dns.py:626
 msgid "Invalid number of parts!"
 msgstr ""
 
-#: ipalib/plugins/dns.py:680
+#: ipalib/plugins/dns.py:681
 #, python-format
 msgid "DNS RR type \"%s\" is not supported by bind-dyndb-ldap plugin"
 msgstr ""
 
-#: ipalib/plugins/dns.py:696
+#: ipalib/plugins/dns.py:697
 #, python-format
 msgid "format must be specified as \"%(format)s\" %(rfcs)s"
 msgstr ""
 
-#: ipalib/plugins/dns.py:820
-msgid "Create reverse"
-msgstr ""
-
 #: ipalib/plugins/dns.py:821
+msgid "Create reverse"
+msgstr ""
+
+#: ipalib/plugins/dns.py:822
 msgid "Create reverse record for this IP Address"
 msgstr ""
 
-#: ipalib/plugins/dns.py:856
+#: ipalib/plugins/dns.py:857
 #, python-format
 msgid "Cannot create reverse record for \"%(value)s\": %(exc)s"
 msgstr ""
 
-#: ipalib/plugins/dns.py:865 ipalib/plugins/dns.py:888
-#: ipalib/plugins/host.py:405
+#: ipalib/plugins/dns.py:866 ipalib/plugins/dns.py:889
+#: ipalib/plugins/host.py:407
 msgid "IP Address"
 msgstr ""
 
-#: ipalib/plugins/dns.py:874 ipalib/plugins/dns.py:1485
+#: ipalib/plugins/dns.py:875 ipalib/plugins/dns.py:1486
 msgid "Record data"
 msgstr ""
 
-#: ipalib/plugins/dns.py:897
+#: ipalib/plugins/dns.py:898
 msgid "Subtype"
 msgstr ""
 
-#: ipalib/plugins/dns.py:903 ipalib/plugins/dns.py:942
-#: ipalib/plugins/dns.py:1195 ipalib/plugins/dns.py:1292
-#: ipalib/plugins/dns.py:2929
+#: ipalib/plugins/dns.py:904 ipalib/plugins/dns.py:943
+#: ipalib/plugins/dns.py:1196 ipalib/plugins/dns.py:1293
+#: ipalib/plugins/dns.py:2930
 msgid "Hostname"
 msgstr ""
 
-#: ipalib/plugins/dns.py:917
+#: ipalib/plugins/dns.py:918
 msgid "Certificate Type"
 msgstr ""
 
-#: ipalib/plugins/dns.py:922 ipalib/plugins/dns.py:977
-#: ipalib/plugins/dns.py:1375
+#: ipalib/plugins/dns.py:923 ipalib/plugins/dns.py:978
+#: ipalib/plugins/dns.py:1376
 msgid "Key Tag"
 msgstr ""
 
-#: ipalib/plugins/dns.py:927 ipalib/plugins/dns.py:982
-#: ipalib/plugins/dns.py:1016 ipalib/plugins/dns.py:1353
-#: ipalib/plugins/dns.py:1401
+#: ipalib/plugins/dns.py:928 ipalib/plugins/dns.py:983
+#: ipalib/plugins/dns.py:1017 ipalib/plugins/dns.py:1354
+#: ipalib/plugins/dns.py:1402
 msgid "Algorithm"
 msgstr ""
 
-#: ipalib/plugins/dns.py:932
+#: ipalib/plugins/dns.py:933
 msgid "Certificate/CRL"
 msgstr ""
 
-#: ipalib/plugins/dns.py:943
+#: ipalib/plugins/dns.py:944
 msgid "A hostname which this alias hostname points to"
 msgstr ""
 
-#: ipalib/plugins/dns.py:963 ipalib/plugins/dns.py:1329
+#: ipalib/plugins/dns.py:964 ipalib/plugins/dns.py:1330
 #: ipalib/plugins/internal.py:502
 msgid "Target"
 msgstr ""
 
-#: ipalib/plugins/dns.py:987
+#: ipalib/plugins/dns.py:988
 msgid "Digest Type"
 msgstr ""
 
-#: ipalib/plugins/dns.py:992
+#: ipalib/plugins/dns.py:993
 msgid "Digest"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1006 ipalib/plugins/dns.py:1271
+#: ipalib/plugins/dns.py:1007 ipalib/plugins/dns.py:1272
 msgid "Flags"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1011
+#: ipalib/plugins/dns.py:1012
 msgid "Protocol"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1021
+#: ipalib/plugins/dns.py:1022
 msgid "Public Key"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1035 ipalib/plugins/dns.py:1176
-#: ipalib/plugins/dns.py:1265
-msgid "Preference"
-msgstr ""
-
 #: ipalib/plugins/dns.py:1036 ipalib/plugins/dns.py:1177
+#: ipalib/plugins/dns.py:1266
+msgid "Preference"
+msgstr ""
+
+#: ipalib/plugins/dns.py:1037 ipalib/plugins/dns.py:1178
 msgid "Preference given to this exchanger. Lower values are more preferred"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1042 ipalib/plugins/dns.py:1183
+#: ipalib/plugins/dns.py:1043 ipalib/plugins/dns.py:1184
 msgid "Exchanger"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1043
+#: ipalib/plugins/dns.py:1044
 msgid "A host willing to act as a key exchanger"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1052
+#: ipalib/plugins/dns.py:1053
 msgid "Degrees Latitude"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1057
+#: ipalib/plugins/dns.py:1058
 msgid "Minutes Latitude"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1062
+#: ipalib/plugins/dns.py:1063
 msgid "Seconds Latitude"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1068
+#: ipalib/plugins/dns.py:1069
 msgid "Direction Latitude"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1072
+#: ipalib/plugins/dns.py:1073
 msgid "Degrees Longitude"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1077
+#: ipalib/plugins/dns.py:1078
 msgid "Minutes Longitude"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1082
+#: ipalib/plugins/dns.py:1083
 msgid "Seconds Longitude"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1088
+#: ipalib/plugins/dns.py:1089
 msgid "Direction Longitude"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1092
+#: ipalib/plugins/dns.py:1093
 msgid "Altitude"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1098
+#: ipalib/plugins/dns.py:1099
 msgid "Size"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1104
+#: ipalib/plugins/dns.py:1105
 msgid "Horizontal Precision"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1110
+#: ipalib/plugins/dns.py:1111
 msgid "Vertical Precision"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1117
+#: ipalib/plugins/dns.py:1118
 msgid ""
 "format must be specified as\n"
 "    \"d1 [m1 [s1]] {\"N\"|\"S\"}  d2 [m2 [s2]] {\"E\"|\"W\"} alt[\"m\"] "
@@ -3018,547 +3018,547 @@ msgid ""
 "    See RFC 1876 for details"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1166
+#: ipalib/plugins/dns.py:1167
 #, python-format
 msgid "'%(required)s' must not be empty when '%(name)s' is set"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1184
+#: ipalib/plugins/dns.py:1185
 msgid "A host willing to act as a mail exchanger"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1202
+#: ipalib/plugins/dns.py:1203
 msgid ""
 "format must be specified as \"NEXT TYPE1 [TYPE2 [TYPE3 [...]]]\" (see RFC "
 "4034 for details)"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1209
+#: ipalib/plugins/dns.py:1210
 msgid "Next Domain Name"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1212
+#: ipalib/plugins/dns.py:1213
 msgid "Type Map"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1252
+#: ipalib/plugins/dns.py:1253
 msgid "flags must be one of \"S\", \"A\", \"U\", or \"P\""
 msgstr ""
 
-#: ipalib/plugins/dns.py:1260
+#: ipalib/plugins/dns.py:1261
 msgid "Order"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1275 ipalib/plugins/hbactest.py:265
-#: ipalib/plugins/internal.py:550 ipalib/plugins/service.py:316
+#: ipalib/plugins/dns.py:1276 ipalib/plugins/hbactest.py:265
+#: ipalib/plugins/internal.py:551 ipalib/plugins/service.py:316
 msgid "Service"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1278
+#: ipalib/plugins/dns.py:1279
 msgid "Regular Expression"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1281
+#: ipalib/plugins/dns.py:1282
 msgid "Replacement"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1293
+#: ipalib/plugins/dns.py:1294
 msgid "The hostname this reverse record points to"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1313 ipalib/plugins/pwpolicy.py:266
+#: ipalib/plugins/dns.py:1314 ipalib/plugins/pwpolicy.py:267
 msgid "Priority"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1318
+#: ipalib/plugins/dns.py:1319
 msgid "Weight"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1323
+#: ipalib/plugins/dns.py:1324
 msgid "Port"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1330
+#: ipalib/plugins/dns.py:1331
 msgid ""
 "The domain name of the target host or '.' if the service is decidedly not "
 "available at this domain"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1339
+#: ipalib/plugins/dns.py:1340
 msgid "the value does not follow \"YYYYMMDDHHMMSS\" time format"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1349
+#: ipalib/plugins/dns.py:1350
 msgid "Type Covered"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1358
+#: ipalib/plugins/dns.py:1359
 msgid "Labels"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1363
+#: ipalib/plugins/dns.py:1364
 msgid "Original TTL"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1368
+#: ipalib/plugins/dns.py:1369
 msgid "Signature Expiration"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1372
+#: ipalib/plugins/dns.py:1373
 msgid "Signature Inception"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1380
+#: ipalib/plugins/dns.py:1381
 msgid "Signer's Name"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1383
+#: ipalib/plugins/dns.py:1384
 msgid "Signature"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1406
+#: ipalib/plugins/dns.py:1407
 msgid "Fingerprint Type"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1411
+#: ipalib/plugins/dns.py:1412
 msgid "Fingerprint"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1432
+#: ipalib/plugins/dns.py:1433
 msgid "Text Data"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1479
+#: ipalib/plugins/dns.py:1480
 msgid "Records"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1482
+#: ipalib/plugins/dns.py:1483
 msgid "Record type"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1515
+#: ipalib/plugins/dns.py:1516
 #, python-format
 msgid "Nameserver '%(host)s' does not have a corresponding A/AAAA record"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1533
+#: ipalib/plugins/dns.py:1534
 msgid "Managedby permission"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1542
-msgid "DNS zone"
-msgstr ""
-
 #: ipalib/plugins/dns.py:1543
+msgid "DNS zone"
+msgstr ""
+
+#: ipalib/plugins/dns.py:1544
 msgid "DNS zones"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1552
-msgid "DNS Zones"
-msgstr ""
-
 #: ipalib/plugins/dns.py:1553
+msgid "DNS Zones"
+msgstr ""
+
+#: ipalib/plugins/dns.py:1554
 msgid "DNS Zone"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1559
-msgid "Zone name"
-msgstr ""
-
 #: ipalib/plugins/dns.py:1560
+msgid "Zone name"
+msgstr ""
+
+#: ipalib/plugins/dns.py:1561
 msgid "Zone name (FQDN)"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1566
-msgid "Reverse zone IP network"
-msgstr ""
-
 #: ipalib/plugins/dns.py:1567
+msgid "Reverse zone IP network"
+msgstr ""
+
+#: ipalib/plugins/dns.py:1568
 msgid "IP network to create reverse zone name from"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1572
-msgid "Authoritative nameserver"
-msgstr ""
-
 #: ipalib/plugins/dns.py:1573
+msgid "Authoritative nameserver"
+msgstr ""
+
+#: ipalib/plugins/dns.py:1574
 msgid "Authoritative nameserver domain name"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1579 ipalib/plugins/dns.py:1580
+#: ipalib/plugins/dns.py:1580 ipalib/plugins/dns.py:1581
 msgid "Administrator e-mail address"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1586
-msgid "SOA serial"
-msgstr ""
-
 #: ipalib/plugins/dns.py:1587
+msgid "SOA serial"
+msgstr ""
+
+#: ipalib/plugins/dns.py:1588
 msgid "SOA record serial number"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1595
-msgid "SOA refresh"
-msgstr ""
-
 #: ipalib/plugins/dns.py:1596
+msgid "SOA refresh"
+msgstr ""
+
+#: ipalib/plugins/dns.py:1597
 msgid "SOA record refresh time"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1604
-msgid "SOA retry"
-msgstr ""
-
 #: ipalib/plugins/dns.py:1605
+msgid "SOA retry"
+msgstr ""
+
+#: ipalib/plugins/dns.py:1606
 msgid "SOA record retry time"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1613
-msgid "SOA expire"
-msgstr ""
-
 #: ipalib/plugins/dns.py:1614
+msgid "SOA expire"
+msgstr ""
+
+#: ipalib/plugins/dns.py:1615
 msgid "SOA record expire time"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1622
-msgid "SOA minimum"
-msgstr ""
-
 #: ipalib/plugins/dns.py:1623
+msgid "SOA minimum"
+msgstr ""
+
+#: ipalib/plugins/dns.py:1624
 msgid "How long should negative responses be cached"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1631
-msgid "SOA time to live"
-msgstr ""
-
 #: ipalib/plugins/dns.py:1632
+msgid "SOA time to live"
+msgstr ""
+
+#: ipalib/plugins/dns.py:1633
 msgid "SOA record time to live"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1638
-msgid "SOA class"
-msgstr ""
-
 #: ipalib/plugins/dns.py:1639
+msgid "SOA class"
+msgstr ""
+
+#: ipalib/plugins/dns.py:1640
 msgid "SOA record class"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1644 ipalib/plugins/dns.py:1645
+#: ipalib/plugins/dns.py:1645 ipalib/plugins/dns.py:1646
 msgid "BIND update policy"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1651
-msgid "Active zone"
-msgstr ""
-
 #: ipalib/plugins/dns.py:1652
+msgid "Active zone"
+msgstr ""
+
+#: ipalib/plugins/dns.py:1653
 msgid "Is zone active?"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1658
-msgid "Dynamic update"
-msgstr ""
-
 #: ipalib/plugins/dns.py:1659
+msgid "Dynamic update"
+msgstr ""
+
+#: ipalib/plugins/dns.py:1660
 msgid "Allow dynamic updates."
 msgstr ""
 
-#: ipalib/plugins/dns.py:1668
-msgid "Allow query"
-msgstr ""
-
 #: ipalib/plugins/dns.py:1669
+msgid "Allow query"
+msgstr ""
+
+#: ipalib/plugins/dns.py:1670
 msgid ""
 "Semicolon separated list of IP addresses or networks which are allowed to "
 "issue queries"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1677
-msgid "Allow transfer"
-msgstr ""
-
 #: ipalib/plugins/dns.py:1678
+msgid "Allow transfer"
+msgstr ""
+
+#: ipalib/plugins/dns.py:1679
 msgid ""
 "Semicolon separated list of IP addresses or networks which are allowed to "
 "transfer the zone"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1685
-msgid "Zone forwarders"
-msgstr ""
-
 #: ipalib/plugins/dns.py:1686
+msgid "Zone forwarders"
+msgstr ""
+
+#: ipalib/plugins/dns.py:1687
 msgid ""
 "Per-zone forwarders. A custom port can be specified for each forwarder using "
 "a standard format \"IP_ADDRESS port PORT\""
 msgstr ""
 
-#: ipalib/plugins/dns.py:1692 ipalib/plugins/dns.py:2999
+#: ipalib/plugins/dns.py:1693 ipalib/plugins/dns.py:2999
 msgid "Forward policy"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1693
+#: ipalib/plugins/dns.py:1694
 msgid ""
 "Per-zone conditional forwarding policy. Set to \"none\" to disable "
 "forwarding to global forwarder for this zone. In that case, conditional zone "
 "forwarders are disregarded."
 msgstr ""
 
-#: ipalib/plugins/dns.py:1700 ipalib/plugins/dns.py:3006
+#: ipalib/plugins/dns.py:1701 ipalib/plugins/dns.py:3006
 msgid "Allow PTR sync"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1701
+#: ipalib/plugins/dns.py:1702
 msgid ""
 "Allow synchronization of forward (A, AAAA) and reverse (PTR) records in the "
 "zone"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1763
+#: ipalib/plugins/dns.py:1764
 msgid "Create new DNS zone (SOA record)."
 msgstr ""
 
-#: ipalib/plugins/dns.py:1768 ipalib/plugins/dns.py:1903
-#: ipalib/plugins/dns.py:2364 ipalib/plugins/host.py:397
+#: ipalib/plugins/dns.py:1769 ipalib/plugins/dns.py:1904
+#: ipalib/plugins/dns.py:2365 ipalib/plugins/host.py:399
 #: ipalib/plugins/permission.py:298 ipalib/plugins/realmdomains.py:97
 #: ipalib/plugins/service.py:369
 msgid "Force"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1769
+#: ipalib/plugins/dns.py:1770
 msgid "Force DNS zone creation even if nameserver is not resolvable."
 msgstr ""
 
-#: ipalib/plugins/dns.py:1772
+#: ipalib/plugins/dns.py:1773
 msgid "Add forward record for nameserver located in the created zone"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1773 ipalib/plugins/dns.py:1794
+#: ipalib/plugins/dns.py:1774 ipalib/plugins/dns.py:1795
 msgid "Nameserver IP address"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1800
+#: ipalib/plugins/dns.py:1801
 msgid "DNS is not configured"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1810
+#: ipalib/plugins/dns.py:1811
 msgid "Nameserver address is not a domain name"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1823
+#: ipalib/plugins/dns.py:1824
 msgid "Nameserver for reverse zone cannot be a relative DNS name"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1827
+#: ipalib/plugins/dns.py:1828
 msgid "Nameserver DNS record is created for for forward zones only"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1831
+#: ipalib/plugins/dns.py:1832
 msgid "Nameserver DNS record is created only for nameservers in current zone"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1872
+#: ipalib/plugins/dns.py:1873
 msgid "Delete DNS zone (SOA record)."
 msgstr ""
 
-#: ipalib/plugins/dns.py:1874
+#: ipalib/plugins/dns.py:1875
 #, python-format
 msgid "Deleted DNS zone \"%(value)s\""
 msgstr ""
 
-#: ipalib/plugins/dns.py:1899
+#: ipalib/plugins/dns.py:1900
 msgid "Modify DNS zone (SOA record)."
 msgstr ""
 
-#: ipalib/plugins/dns.py:1904
+#: ipalib/plugins/dns.py:1905
 msgid "Force nameserver change even if nameserver not in DNS"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1921
+#: ipalib/plugins/dns.py:1922
 msgid "Search for DNS zones (SOA records)."
 msgstr ""
 
-#: ipalib/plugins/dns.py:1945
+#: ipalib/plugins/dns.py:1946
 msgid "Forward zones only"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1947
+#: ipalib/plugins/dns.py:1948
 msgid "Search for forward zones only"
 msgstr ""
 
-#: ipalib/plugins/dns.py:1967
+#: ipalib/plugins/dns.py:1968
 msgid "Display information about a DNS zone (SOA record)."
 msgstr ""
 
-#: ipalib/plugins/dns.py:1975
+#: ipalib/plugins/dns.py:1976
 msgid "Disable DNS Zone."
 msgstr ""
 
-#: ipalib/plugins/dns.py:1978
+#: ipalib/plugins/dns.py:1979
 #, python-format
 msgid "Disabled DNS zone \"%(value)s\""
 msgstr ""
 
-#: ipalib/plugins/dns.py:1996
+#: ipalib/plugins/dns.py:1997
 msgid "Enable DNS Zone."
 msgstr ""
 
-#: ipalib/plugins/dns.py:1999
+#: ipalib/plugins/dns.py:2000
 #, python-format
 msgid "Enabled DNS zone \"%(value)s\""
 msgstr ""
 
-#: ipalib/plugins/dns.py:2016
+#: ipalib/plugins/dns.py:2017
 msgid "Add a permission for per-zone access delegation."
 msgstr ""
 
-#: ipalib/plugins/dns.py:2019
+#: ipalib/plugins/dns.py:2020
 #, python-format
 msgid "Added system permission \"%(value)s\""
 msgstr ""
 
-#: ipalib/plugins/dns.py:2052
+#: ipalib/plugins/dns.py:2053
 msgid "Remove a permission for per-zone access delegation."
 msgstr ""
 
-#: ipalib/plugins/dns.py:2055
+#: ipalib/plugins/dns.py:2056
 #, python-format
 msgid "Removed system permission \"%(value)s\""
 msgstr ""
 
-#: ipalib/plugins/dns.py:2086
-msgid "DNS resource record"
-msgstr ""
-
 #: ipalib/plugins/dns.py:2087
+msgid "DNS resource record"
+msgstr ""
+
+#: ipalib/plugins/dns.py:2088
 msgid "DNS resource records"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2092
-msgid "DNS Resource Records"
-msgstr ""
-
 #: ipalib/plugins/dns.py:2093
+msgid "DNS Resource Records"
+msgstr ""
+
+#: ipalib/plugins/dns.py:2094
 msgid "DNS Resource Record"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2099 ipalib/plugins/dns.py:2100
+#: ipalib/plugins/dns.py:2100 ipalib/plugins/dns.py:2101
 msgid "Record name"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2105 ipalib/plugins/dns.py:2106
+#: ipalib/plugins/dns.py:2106 ipalib/plugins/dns.py:2107
 msgid "Time to live"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2110 ipalib/plugins/host.py:329
+#: ipalib/plugins/dns.py:2111 ipalib/plugins/host.py:331
 msgid "Class"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2111
+#: ipalib/plugins/dns.py:2112
 msgid "DNS class"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2117
-msgid "Structured"
-msgstr ""
-
 #: ipalib/plugins/dns.py:2118
+msgid "Structured"
+msgstr ""
+
+#: ipalib/plugins/dns.py:2119
 msgid "Parse all raw DNS records and return them in a structured way"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2149
+#: ipalib/plugins/dns.py:2150
 #, python-format
 msgid ""
 "Reverse zone for PTR record should be a sub-zone of one the following fully "
 "qualified domains: %s"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2155
+#: ipalib/plugins/dns.py:2156
 #, python-format
 msgid ""
 "Reverse zone %(name)s requires exactly %(count)d IP address components, "
 "%(user_count)d given"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2327
+#: ipalib/plugins/dns.py:2328
 msgid "only one CNAME record is allowed per name (RFC 2136, section 1.1.5)"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2333
+#: ipalib/plugins/dns.py:2334
 msgid ""
 "CNAME record is not allowed to coexist with any other record (RFC 1034, "
 "section 3.6.2)"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2345
+#: ipalib/plugins/dns.py:2346
 msgid "only one DNAME record is allowed per name (RFC 6672, section 2.4)"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2350
+#: ipalib/plugins/dns.py:2351
 msgid ""
 "DNAME record is not allowed to coexist with an NS record except when located "
 "in a zone root record (RFC 6672, section 2.3)"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2358
+#: ipalib/plugins/dns.py:2359
 msgid "Add new DNS resource record."
 msgstr ""
 
-#: ipalib/plugins/dns.py:2366
+#: ipalib/plugins/dns.py:2367
 msgid "force NS record creation even if its hostname is not in DNS"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2403
-msgid "Please choose a type of DNS resource record to be added"
-msgstr ""
-
 #: ipalib/plugins/dns.py:2404
+msgid "Please choose a type of DNS resource record to be added"
+msgstr ""
+
+#: ipalib/plugins/dns.py:2405
 #, python-format
 msgid "The most common types for this type of zone are: %s\n"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2409
+#: ipalib/plugins/dns.py:2410
 msgid "DNS resource record type"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2425
+#: ipalib/plugins/dns.py:2426
 #, python-format
 msgid "Invalid or unsupported type. Allowed values are: %s"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2453
+#: ipalib/plugins/dns.py:2454
 #, python-format
 msgid "Raw value of a DNS record was already set by \"%(name)s\" option"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2548
+#: ipalib/plugins/dns.py:2549
 msgid "Modify a DNS resource record."
 msgstr ""
 
-#: ipalib/plugins/dns.py:2565
+#: ipalib/plugins/dns.py:2566
 msgid "DNS zone root record cannot be renamed"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2583
+#: ipalib/plugins/dns.py:2584
 msgid "DNS records can be only updated one at a time"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2663
+#: ipalib/plugins/dns.py:2664
 msgid "No option to modify specific record provided."
 msgstr ""
 
-#: ipalib/plugins/dns.py:2666 ipalib/plugins/dns.py:2838
+#: ipalib/plugins/dns.py:2667 ipalib/plugins/dns.py:2839
 msgid "Current DNS record contents:\n"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2688
+#: ipalib/plugins/dns.py:2689
 #, python-format
 msgid "Modify %(name)s '%(value)s'?"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2696
+#: ipalib/plugins/dns.py:2697
 #, python-format
 msgid ""
 "%(count)d %(type)s record skipped. Only one value per DNS record type can be "
@@ -3569,66 +3569,66 @@ msgid_plural ""
 msgstr[0] ""
 msgstr[1] ""
 
-#: ipalib/plugins/dns.py:2708
+#: ipalib/plugins/dns.py:2709
 #, python-format
 msgid "Deleted record \"%(value)s\""
 msgstr ""
 
-#: ipalib/plugins/dns.py:2715
+#: ipalib/plugins/dns.py:2716
 msgid "Delete DNS resource record."
 msgstr ""
 
-#: ipalib/plugins/dns.py:2719
+#: ipalib/plugins/dns.py:2720
 msgid ""
 "Neither --del-all nor options to delete a specific record provided.\n"
 "Command help may be consulted for all supported record types."
 msgstr ""
 
-#: ipalib/plugins/dns.py:2725
+#: ipalib/plugins/dns.py:2726
 msgid "Delete all associated records"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2791
+#: ipalib/plugins/dns.py:2792
 #, python-format
 msgid "Zone record '%s' cannot be deleted"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2830
-msgid "No option to delete specific record provided."
-msgstr ""
-
 #: ipalib/plugins/dns.py:2831
+msgid "No option to delete specific record provided."
+msgstr ""
+
+#: ipalib/plugins/dns.py:2832
 msgid "Delete all?"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2859
+#: ipalib/plugins/dns.py:2860
 #, python-format
 msgid "Delete %(name)s '%(value)s'?"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2870
+#: ipalib/plugins/dns.py:2871
 msgid "Display DNS resource."
 msgstr ""
 
-#: ipalib/plugins/dns.py:2887
+#: ipalib/plugins/dns.py:2888
 msgid "Search for DNS resources."
 msgstr ""
 
-#: ipalib/plugins/dns.py:2922
+#: ipalib/plugins/dns.py:2923
 msgid "Resolve a host name in DNS."
 msgstr ""
 
-#: ipalib/plugins/dns.py:2925
+#: ipalib/plugins/dns.py:2926
 #, python-format
 msgid "Found '%(value)s'"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2942
+#: ipalib/plugins/dns.py:2943
 #, python-format
 msgid "Host '%(host)s' not found"
 msgstr ""
 
-#: ipalib/plugins/dns.py:2979
+#: ipalib/plugins/dns.py:2980
 msgid "DNS configuration options"
 msgstr ""
 
@@ -3660,19 +3660,15 @@ msgstr ""
 msgid "Zone refresh interval"
 msgstr ""
 
-#: ipalib/plugins/dns.py:3012
-msgid "An interval between regular polls of the name server for new DNS zones"
-msgstr ""
-
-#: ipalib/plugins/dns.py:3027
+#: ipalib/plugins/dns.py:3025
 msgid "Global DNS configuration is empty"
 msgstr ""
 
-#: ipalib/plugins/dns.py:3033
+#: ipalib/plugins/dns.py:3031
 msgid "Modify global DNS configuration."
 msgstr ""
 
-#: ipalib/plugins/dns.py:3044
+#: ipalib/plugins/dns.py:3042
 msgid "Show the current global DNS configuration."
 msgstr ""
 
@@ -4050,7 +4046,7 @@ msgstr ""
 msgid "Service category the rule applies to"
 msgstr ""
 
-#: ipalib/plugins/hbacrule.py:182 ipalib/plugins/internal.py:657
+#: ipalib/plugins/hbacrule.py:182 ipalib/plugins/internal.py:658
 #: ipalib/plugins/selinuxusermap.py:187 ipalib/plugins/sudorule.py:114
 msgid "Enabled"
 msgstr ""
@@ -4061,7 +4057,7 @@ msgstr ""
 msgid "Users"
 msgstr ""
 
-#: ipalib/plugins/hbacrule.py:194 ipalib/plugins/host.py:254
+#: ipalib/plugins/hbacrule.py:194 ipalib/plugins/host.py:256
 #: ipalib/plugins/internal.py:490 ipalib/plugins/selinuxusermap.py:199
 #: ipalib/plugins/sudorule.py:163
 msgid "Hosts"
@@ -4680,11 +4676,14 @@ msgid ""
 "   Host Enrollment privilege.\n"
 "3. The host has been created with a one-time password.\n"
 "\n"
-"A host can only be enrolled once. If a client has enrolled and needs to\n"
-"be re-enrolled, the host entry must be removed and re-created. Note that\n"
-"re-creating the host entry will result in all services for the host being\n"
-"removed, and all SSL certificates associated with those services being\n"
-"revoked.\n"
+"\n"
+"RE-ENROLLMENT:\n"
+"\n"
+"Host that has been enrolled at some point, and lost its configuration (e.g. "
+"VM\n"
+"destroyed) can be re-enrolled.\n"
+"\n"
+"For more information, consult the manual pages for ipa-client-install.\n"
 "\n"
 "A host can optionally store information such as where it is located,\n"
 "the OS that it runs, etc.\n"
@@ -4717,221 +4716,221 @@ msgid ""
 "   ipa host-add-managedby --hosts=test2 test\n"
 msgstr ""
 
-#: ipalib/plugins/host.py:156 ipalib/plugins/service.py:96
+#: ipalib/plugins/host.py:158 ipalib/plugins/service.py:96
 msgid "Keytab"
 msgstr ""
 
-#: ipalib/plugins/host.py:168 ipalib/plugins/internal.py:363
+#: ipalib/plugins/host.py:170 ipalib/plugins/internal.py:363
 #: ipalib/plugins/service.py:105
 msgid "Serial Number"
 msgstr ""
 
-#: ipalib/plugins/host.py:171 ipalib/plugins/internal.py:364
+#: ipalib/plugins/host.py:173 ipalib/plugins/internal.py:364
 #: ipalib/plugins/service.py:108
 msgid "Serial Number (hex)"
 msgstr ""
 
-#: ipalib/plugins/host.py:192
+#: ipalib/plugins/host.py:194
 msgid "Failed managedby"
 msgstr ""
 
-#: ipalib/plugins/host.py:195 ipalib/plugins/user.py:92
+#: ipalib/plugins/host.py:197 ipalib/plugins/user.py:92
 msgid "SSH public key fingerprint"
 msgstr ""
 
-#: ipalib/plugins/host.py:221
+#: ipalib/plugins/host.py:223
 msgid "host"
 msgstr ""
 
-#: ipalib/plugins/host.py:222
+#: ipalib/plugins/host.py:224
 msgid "hosts"
 msgstr ""
 
-#: ipalib/plugins/host.py:255 ipalib/plugins/internal.py:488
-#: ipalib/plugins/internal.py:538
+#: ipalib/plugins/host.py:257 ipalib/plugins/internal.py:488
+#: ipalib/plugins/internal.py:539
 msgid "Host"
 msgstr ""
 
-#: ipalib/plugins/host.py:260
+#: ipalib/plugins/host.py:262
 msgid "Host name"
 msgstr ""
 
-#: ipalib/plugins/host.py:267
+#: ipalib/plugins/host.py:269
 msgid "A description of this host"
 msgstr ""
 
-#: ipalib/plugins/host.py:271
+#: ipalib/plugins/host.py:273
 msgid "Locality"
 msgstr ""
 
-#: ipalib/plugins/host.py:272
+#: ipalib/plugins/host.py:274
 msgid "Host locality (e.g. \"Baltimore, MD\")"
 msgstr ""
 
-#: ipalib/plugins/host.py:277
+#: ipalib/plugins/host.py:279
 msgid "Host location (e.g. \"Lab 2\")"
 msgstr ""
 
-#: ipalib/plugins/host.py:281
+#: ipalib/plugins/host.py:283
 msgid "Platform"
 msgstr ""
 
-#: ipalib/plugins/host.py:282
+#: ipalib/plugins/host.py:284
 msgid "Host hardware platform (e.g. \"Lenovo T61\")"
 msgstr ""
 
-#: ipalib/plugins/host.py:286
+#: ipalib/plugins/host.py:288
 msgid "Operating system"
 msgstr ""
 
-#: ipalib/plugins/host.py:287
+#: ipalib/plugins/host.py:289
 msgid "Host operating system and version (e.g. \"Fedora 9\")"
 msgstr ""
 
-#: ipalib/plugins/host.py:291
+#: ipalib/plugins/host.py:293
 msgid "User password"
 msgstr ""
 
-#: ipalib/plugins/host.py:292
+#: ipalib/plugins/host.py:294
 msgid "Password used in bulk enrollment"
 msgstr ""
 
-#: ipalib/plugins/host.py:295
+#: ipalib/plugins/host.py:297
 msgid "Generate a random password to be used in bulk enrollment"
 msgstr ""
 
-#: ipalib/plugins/host.py:300 ipalib/plugins/user.py:301
+#: ipalib/plugins/host.py:302 ipalib/plugins/user.py:301
 msgid "Random password"
 msgstr ""
 
-#: ipalib/plugins/host.py:306 ipalib/plugins/service.py:329
+#: ipalib/plugins/host.py:308 ipalib/plugins/service.py:329
 msgid "Base-64 encoded server certificate"
 msgstr ""
 
-#: ipalib/plugins/host.py:309 ipalib/plugins/host.py:627
+#: ipalib/plugins/host.py:311 ipalib/plugins/host.py:629
 msgid "Principal name"
 msgstr ""
 
-#: ipalib/plugins/host.py:317
+#: ipalib/plugins/host.py:319
 msgid "MAC address"
 msgstr ""
 
-#: ipalib/plugins/host.py:318
+#: ipalib/plugins/host.py:320
 msgid "Hardware MAC address(es) on this host"
 msgstr ""
 
-#: ipalib/plugins/host.py:322 ipalib/plugins/user.py:363
+#: ipalib/plugins/host.py:324 ipalib/plugins/user.py:363
 msgid "SSH public key"
 msgstr ""
 
-#: ipalib/plugins/host.py:330
+#: ipalib/plugins/host.py:332
 msgid ""
 "Host category (semantics placed on this attribute are for local "
 "interpretation)"
 msgstr ""
 
-#: ipalib/plugins/host.py:390
+#: ipalib/plugins/host.py:392
 msgid "Add a new host."
 msgstr ""
 
-#: ipalib/plugins/host.py:393
+#: ipalib/plugins/host.py:395
 #, python-format
 msgid "Added host \"%(value)s\""
 msgstr ""
 
-#: ipalib/plugins/host.py:398
+#: ipalib/plugins/host.py:400
 msgid "force host name even if not in DNS"
 msgstr ""
 
-#: ipalib/plugins/host.py:401
+#: ipalib/plugins/host.py:403
 msgid "skip reverse DNS detection"
 msgstr ""
 
-#: ipalib/plugins/host.py:404
+#: ipalib/plugins/host.py:406
 msgid "Add the host to DNS with this IP address"
 msgstr ""
 
-#: ipalib/plugins/host.py:485
+#: ipalib/plugins/host.py:487
 #, python-format
 msgid "The host was added but the DNS update failed with: %(exc)s"
 msgstr ""
 
-#: ipalib/plugins/host.py:506
-msgid "Delete a host."
-msgstr ""
-
 #: ipalib/plugins/host.py:508
+msgid "Delete a host."
+msgstr ""
+
+#: ipalib/plugins/host.py:510
 #, python-format
 msgid "Deleted host \"%(value)s\""
 msgstr ""
 
-#: ipalib/plugins/host.py:513
+#: ipalib/plugins/host.py:515
 msgid "Remove entries from DNS"
 msgstr ""
 
-#: ipalib/plugins/host.py:618
+#: ipalib/plugins/host.py:620
 msgid "Modify information about a host."
 msgstr ""
 
-#: ipalib/plugins/host.py:621
+#: ipalib/plugins/host.py:623
 #, python-format
 msgid "Modified host \"%(value)s\""
 msgstr ""
 
-#: ipalib/plugins/host.py:628
+#: ipalib/plugins/host.py:630
 msgid "Kerberos principal name for this host"
 msgstr ""
 
-#: ipalib/plugins/host.py:632
+#: ipalib/plugins/host.py:634
 msgid "Update DNS entries"
 msgstr ""
 
-#: ipalib/plugins/host.py:645
+#: ipalib/plugins/host.py:647
 msgid "Password cannot be set on enrolled host."
 msgstr ""
 
-#: ipalib/plugins/host.py:649
+#: ipalib/plugins/host.py:651
 msgid "cn is immutable"
 msgstr ""
 
-#: ipalib/plugins/host.py:768
+#: ipalib/plugins/host.py:770
 msgid "Search for hosts."
 msgstr ""
 
-#: ipalib/plugins/host.py:772
+#: ipalib/plugins/host.py:774
 #, python-format
 msgid "%(count)d host matched"
 msgid_plural "%(count)d hosts matched"
 msgstr[0] ""
 msgstr[1] ""
 
-#: ipalib/plugins/host.py:854
+#: ipalib/plugins/host.py:856
 msgid "Display information about a host."
 msgstr ""
 
-#: ipalib/plugins/host.py:859 ipalib/plugins/service.py:560
+#: ipalib/plugins/host.py:861 ipalib/plugins/service.py:560
 msgid "file to store certificate in"
 msgstr ""
 
-#: ipalib/plugins/host.py:891 ipalib/plugins/service.py:580
+#: ipalib/plugins/host.py:893 ipalib/plugins/service.py:580
 #, python-format
 msgid "Certificate stored in file '%(file)s'"
 msgstr ""
 
-#: ipalib/plugins/host.py:902
+#: ipalib/plugins/host.py:904
 msgid "Disable the Kerberos key, SSL certificate and all services of a host."
 msgstr ""
 
-#: ipalib/plugins/host.py:905
+#: ipalib/plugins/host.py:907
 #, python-format
 msgid "Disabled host \"%(value)s\""
 msgstr ""
 
-#: ipalib/plugins/host.py:998
+#: ipalib/plugins/host.py:1000
 msgid "Add hosts that can manage this host."
 msgstr ""
 
-#: ipalib/plugins/host.py:1013
+#: ipalib/plugins/host.py:1015
 msgid "Remove hosts that can manage this host."
 msgstr ""
 
@@ -5581,15 +5580,15 @@ msgstr ""
 msgid "Close"
 msgstr ""
 
-#: ipalib/plugins/internal.py:194 ipalib/plugins/internal.py:654
+#: ipalib/plugins/internal.py:194 ipalib/plugins/internal.py:655
 msgid "Disable"
 msgstr ""
 
 #: ipalib/plugins/internal.py:195
 msgid "Edit"
 msgstr ""
 
-#: ipalib/plugins/internal.py:196 ipalib/plugins/internal.py:656
+#: ipalib/plugins/internal.py:196 ipalib/plugins/internal.py:657
 msgid "Enable"
 msgstr ""
 
@@ -5950,7 +5949,7 @@ msgstr ""
 msgid "CA Compromise"
 msgstr ""
 
-#: ipalib/plugins/internal.py:320 ipalib/plugins/internal.py:664
+#: ipalib/plugins/internal.py:320 ipalib/plugins/internal.py:665
 msgid "Certificates"
 msgstr ""
 
@@ -6177,8 +6176,8 @@ msgstr ""
 msgid "Forward only"
 msgstr ""
 
-#: ipalib/plugins/internal.py:386 ipalib/plugins/internal.py:587
-#: ipalib/plugins/internal.py:610
+#: ipalib/plugins/internal.py:386 ipalib/plugins/internal.py:588
+#: ipalib/plugins/internal.py:611
 msgid "Options"
 msgstr ""
 
@@ -6271,7 +6270,7 @@ msgid "Group Settings"
 msgstr ""
 
 #: ipalib/plugins/internal.py:415 ipalib/plugins/internal.py:487
-#: ipalib/plugins/internal.py:582
+#: ipalib/plugins/internal.py:583
 msgid "External"
 msgstr ""
 
@@ -6296,46 +6295,46 @@ msgid "Group Type"
 msgstr ""
 
 #: ipalib/plugins/internal.py:423 ipalib/plugins/internal.py:485
-#: ipalib/plugins/internal.py:536 ipalib/plugins/internal.py:578
+#: ipalib/plugins/internal.py:537 ipalib/plugins/internal.py:579
 msgid "Any Host"
 msgstr ""
 
 #: ipalib/plugins/internal.py:424
 msgid "Any Service"
 msgstr ""
 
 #: ipalib/plugins/internal.py:425 ipalib/plugins/internal.py:486
-#: ipalib/plugins/internal.py:537 ipalib/plugins/internal.py:579
+#: ipalib/plugins/internal.py:538 ipalib/plugins/internal.py:580
 msgid "Anyone"
 msgstr ""
 
 #: ipalib/plugins/internal.py:426
 msgid "Accessing"
 msgstr ""
 
-#: ipalib/plugins/internal.py:427 ipalib/plugins/internal.py:584
+#: ipalib/plugins/internal.py:427 ipalib/plugins/internal.py:585
 msgid "Rule status"
 msgstr ""
 
 #: ipalib/plugins/internal.py:428
 msgid "Via Service"
 msgstr ""
 
 #: ipalib/plugins/internal.py:429 ipalib/plugins/internal.py:492
-#: ipalib/plugins/internal.py:539 ipalib/plugins/internal.py:591
+#: ipalib/plugins/internal.py:540 ipalib/plugins/internal.py:592
 msgid "Specified Hosts and Groups"
 msgstr ""
 
 #: ipalib/plugins/internal.py:430
 msgid "Specified Services and Groups"
 msgstr ""
 
 #: ipalib/plugins/internal.py:431 ipalib/plugins/internal.py:493
-#: ipalib/plugins/internal.py:540 ipalib/plugins/internal.py:592
+#: ipalib/plugins/internal.py:541 ipalib/plugins/internal.py:593
 msgid "Specified Users and Groups"
 msgstr ""
 
-#: ipalib/plugins/internal.py:432 ipalib/plugins/internal.py:593
+#: ipalib/plugins/internal.py:432 ipalib/plugins/internal.py:594
 msgid "Who"
 msgstr ""
 
@@ -6391,11 +6390,11 @@ msgstr ""
 msgid "Host Certificate"
 msgstr ""
 
-#: ipalib/plugins/internal.py:455 ipalib/plugins/internal.py:547
+#: ipalib/plugins/internal.py:455 ipalib/plugins/internal.py:548
 msgid "Host Name"
 msgstr ""
 
-#: ipalib/plugins/internal.py:456 ipalib/plugins/internal.py:545
+#: ipalib/plugins/internal.py:456 ipalib/plugins/internal.py:546
 msgid "Delete Key, Unprovision"
 msgstr ""
 
@@ -6419,7 +6418,7 @@ msgstr ""
 msgid "Kerberos Key"
 msgstr ""
 
-#: ipalib/plugins/internal.py:462 ipalib/plugins/internal.py:548
+#: ipalib/plugins/internal.py:462 ipalib/plugins/internal.py:549
 msgid "Kerberos Key Not Present"
 msgstr ""
 
@@ -6459,15 +6458,15 @@ msgstr ""
 msgid "Set One-Time-Password"
 msgstr ""
 
-#: ipalib/plugins/internal.py:473 ipalib/plugins/internal.py:552
+#: ipalib/plugins/internal.py:473 ipalib/plugins/internal.py:553
 msgid "Unprovision"
 msgstr ""
 
 #: ipalib/plugins/internal.py:474
 msgid "Are you sure you want to unprovision this host?"
 msgstr ""
 
-#: ipalib/plugins/internal.py:475 ipalib/plugins/internal.py:554
+#: ipalib/plugins/internal.py:475 ipalib/plugins/internal.py:555
 msgid "Unprovisioning ${entity}"
 msgstr ""
 
@@ -6488,12 +6487,12 @@ msgstr ""
 msgid "Netgroup Settings"
 msgstr ""
 
-#: ipalib/plugins/internal.py:494 ipalib/plugins/internal.py:541
-#: ipalib/plugins/pwpolicy.py:443 ipalib/plugins/user.py:226
+#: ipalib/plugins/internal.py:494 ipalib/plugins/internal.py:542
+#: ipalib/plugins/pwpolicy.py:444 ipalib/plugins/user.py:226
 msgid "User"
 msgstr ""
 
-#: ipalib/plugins/internal.py:499 ipalib/plugins/internal.py:667
+#: ipalib/plugins/internal.py:499 ipalib/plugins/internal.py:668
 msgid "Identity"
 msgstr ""
 
@@ -6542,448 +6541,452 @@ msgid "Active Directory domain with POSIX attributes"
 msgstr ""
 
 #: ipalib/plugins/internal.py:520
-msgid "Local domain"
+msgid "Detect"
 msgstr ""
 
 #: ipalib/plugins/internal.py:521
-msgid "IPA trust"
+msgid "Local domain"
 msgstr ""
 
 #: ipalib/plugins/internal.py:522
+msgid "IPA trust"
+msgstr ""
+
+#: ipalib/plugins/internal.py:523
 msgid "Active Directory winsync"
 msgstr ""
 
-#: ipalib/plugins/internal.py:525 ipalib/plugins/realmdomains.py:65
+#: ipalib/plugins/internal.py:526 ipalib/plugins/realmdomains.py:65
 #: ipalib/plugins/realmdomains.py:66
 msgid "Realm Domains"
 msgstr ""
 
-#: ipalib/plugins/internal.py:526
-msgid "Check DNS"
-msgstr ""
-
 #: ipalib/plugins/internal.py:527
-msgid "Do you also want to perform DNS check?"
+msgid "Check DNS"
 msgstr ""
 
 #: ipalib/plugins/internal.py:528
+msgid "Do you also want to perform DNS check?"
+msgstr ""
+
+#: ipalib/plugins/internal.py:529
 msgid "Force Update"
 msgstr ""
 
-#: ipalib/plugins/internal.py:531
+#: ipalib/plugins/internal.py:532
 msgid "Role Settings"
 msgstr ""
 
-#: ipalib/plugins/internal.py:544
+#: ipalib/plugins/internal.py:545
 msgid "Service Certificate"
 msgstr ""
 
-#: ipalib/plugins/internal.py:546
+#: ipalib/plugins/internal.py:547
 msgid "Service Settings"
 msgstr ""
 
-#: ipalib/plugins/internal.py:549
+#: ipalib/plugins/internal.py:550
 msgid "Provisioning"
 msgstr ""
 
-#: ipalib/plugins/internal.py:553
+#: ipalib/plugins/internal.py:554
 msgid "Are you sure you want to unprovision this service?"
 msgstr ""
 
-#: ipalib/plugins/internal.py:555
-msgid "Service unprovisioned"
-msgstr ""
-
 #: ipalib/plugins/internal.py:556
+msgid "Service unprovisioned"
+msgstr ""
+
+#: ipalib/plugins/internal.py:557
 msgid "Kerberos Key Present, Service Provisioned"
 msgstr ""
 
-#: ipalib/plugins/internal.py:559
-msgid "SSH public keys"
-msgstr ""
-
 #: ipalib/plugins/internal.py:560
-msgid "SSH public key:"
+msgid "SSH public keys"
 msgstr ""
 
 #: ipalib/plugins/internal.py:561
-msgid "Set SSH key"
+msgid "SSH public key:"
 msgstr ""
 
 #: ipalib/plugins/internal.py:562
-msgid "Show/Set key"
+msgid "Set SSH key"
 msgstr ""
 
 #: ipalib/plugins/internal.py:563
-msgid "Modified: key not set"
+msgid "Show/Set key"
 msgstr ""
 
 #: ipalib/plugins/internal.py:564
-msgid "Modified"
+msgid "Modified: key not set"
 msgstr ""
 
 #: ipalib/plugins/internal.py:565
-msgid "New: key not set"
+msgid "Modified"
 msgstr ""
 
 #: ipalib/plugins/internal.py:566
+msgid "New: key not set"
+msgstr ""
+
+#: ipalib/plugins/internal.py:567
 msgid "New: key set"
 msgstr ""
 
-#: ipalib/plugins/internal.py:569
+#: ipalib/plugins/internal.py:570
 msgid "Groups"
 msgstr ""
 
-#: ipalib/plugins/internal.py:572 ipalib/plugins/sudocmdgroup.py:82
+#: ipalib/plugins/internal.py:573 ipalib/plugins/sudocmdgroup.py:82
 msgid "Commands"
 msgstr ""
 
-#: ipalib/plugins/internal.py:575
-msgid "Allow"
-msgstr ""
-
 #: ipalib/plugins/internal.py:576
-msgid "Any Command"
+msgid "Allow"
 msgstr ""
 
 #: ipalib/plugins/internal.py:577
+msgid "Any Command"
+msgstr ""
+
+#: ipalib/plugins/internal.py:578
 msgid "Any Group"
 msgstr ""
 
-#: ipalib/plugins/internal.py:580
-msgid "Run Commands"
-msgstr ""
-
 #: ipalib/plugins/internal.py:581
+msgid "Run Commands"
+msgstr ""
+
+#: ipalib/plugins/internal.py:582
 msgid "Deny"
 msgstr ""
 
-#: ipalib/plugins/internal.py:583
+#: ipalib/plugins/internal.py:584
 msgid "Access this host"
 msgstr ""
 
-#: ipalib/plugins/internal.py:585
-msgid "Option added"
-msgstr ""
-
 #: ipalib/plugins/internal.py:586
+msgid "Option added"
+msgstr ""
+
+#: ipalib/plugins/internal.py:587
 msgid "${count} option(s) removed"
 msgstr ""
 
-#: ipalib/plugins/internal.py:588
-msgid "As Whom"
-msgstr ""
-
 #: ipalib/plugins/internal.py:589
-msgid "Specified Commands and Groups"
+msgid "As Whom"
 msgstr ""
 
 #: ipalib/plugins/internal.py:590
+msgid "Specified Commands and Groups"
+msgstr ""
+
+#: ipalib/plugins/internal.py:591
 msgid "Specified Groups"
 msgstr ""
 
-#: ipalib/plugins/internal.py:596
-msgid "Account"
-msgstr ""
-
 #: ipalib/plugins/internal.py:597
-msgid "Administrative account"
+msgid "Account"
 msgstr ""
 
 #: ipalib/plugins/internal.py:598
-msgid "SID blacklists"
+msgid "Administrative account"
 msgstr ""
 
 #: ipalib/plugins/internal.py:599
+msgid "SID blacklists"
+msgstr ""
+
+#: ipalib/plugins/internal.py:600
 msgid "Trust Settings"
 msgstr ""
 
-#: ipalib/plugins/internal.py:600 ipalib/plugins/realmdomains.py:73
+#: ipalib/plugins/internal.py:601 ipalib/plugins/realmdomains.py:73
 #: ipalib/plugins/trust.py:789
 msgid "Domain"
 msgstr ""
 
-#: ipalib/plugins/internal.py:601
+#: ipalib/plugins/internal.py:602
 msgid "Establish using"
 msgstr ""
 
-#: ipalib/plugins/internal.py:602 ipalib/plugins/trust.py:211
+#: ipalib/plugins/internal.py:603 ipalib/plugins/trust.py:211
 msgid "Domain NetBIOS name"
 msgstr ""
 
-#: ipalib/plugins/internal.py:603 ipalib/plugins/trust.py:215
+#: ipalib/plugins/internal.py:604 ipalib/plugins/trust.py:215
 msgid "Domain Security Identifier"
 msgstr ""
 
-#: ipalib/plugins/internal.py:604
+#: ipalib/plugins/internal.py:605
 msgid "Pre-shared password"
 msgstr ""
 
-#: ipalib/plugins/internal.py:605 ipalib/plugins/trust.py:134
+#: ipalib/plugins/internal.py:606 ipalib/plugins/trust.py:134
 msgid "Trust direction"
 msgstr ""
 
-#: ipalib/plugins/internal.py:606 ipalib/plugins/trust.py:138
+#: ipalib/plugins/internal.py:607 ipalib/plugins/trust.py:138
 msgid "Trust status"
 msgstr ""
 
-#: ipalib/plugins/internal.py:607 ipalib/plugins/trust.py:136
+#: ipalib/plugins/internal.py:608 ipalib/plugins/trust.py:136
 msgid "Trust type"
 msgstr ""
 
-#: ipalib/plugins/internal.py:613
-msgid "Account Settings"
-msgstr ""
-
 #: ipalib/plugins/internal.py:614
-msgid "Account Status"
+msgid "Account Settings"
 msgstr ""
 
 #: ipalib/plugins/internal.py:615
-msgid "Contact Settings"
+msgid "Account Status"
 msgstr ""
 
 #: ipalib/plugins/internal.py:616
-msgid "Employee Information"
+msgid "Contact Settings"
 msgstr ""
 
 #: ipalib/plugins/internal.py:617
-msgid "Error changing account status"
+msgid "Employee Information"
 msgstr ""
 
 #: ipalib/plugins/internal.py:618
-msgid "Password expiration"
+msgid "Error changing account status"
 msgstr ""
 
 #: ipalib/plugins/internal.py:619
-msgid "Mailing Address"
+msgid "Password expiration"
 msgstr ""
 
 #: ipalib/plugins/internal.py:620
-msgid "Misc. Information"
+msgid "Mailing Address"
 msgstr ""
 
 #: ipalib/plugins/internal.py:621
+msgid "Misc. Information"
+msgstr ""
+
+#: ipalib/plugins/internal.py:622
 msgid ""
 "Are you sure you want to ${action} the user?<br/>The change will take effect "
 "immediately."
 msgstr ""
 
-#: ipalib/plugins/internal.py:622
+#: ipalib/plugins/internal.py:623
 msgid "Click to ${action}"
 msgstr ""
 
-#: ipalib/plugins/internal.py:626 ipalib/plugins/passwd.py:80
+#: ipalib/plugins/internal.py:627 ipalib/plugins/passwd.py:80
 msgid "Current Password"
 msgstr ""
 
-#: ipalib/plugins/internal.py:627
-msgid "Current password is required"
-msgstr ""
-
 #: ipalib/plugins/internal.py:628
-msgid "Your password expires in ${days} days."
+msgid "Current password is required"
 msgstr ""
 
 #: ipalib/plugins/internal.py:629
+msgid "Your password expires in ${days} days."
+msgstr ""
+
+#: ipalib/plugins/internal.py:630
 msgid "The password or username you entered is incorrect."
 msgstr ""
 
-#: ipalib/plugins/internal.py:630 ipalib/plugins/passwd.py:77
+#: ipalib/plugins/internal.py:631 ipalib/plugins/passwd.py:77
 msgid "New Password"
 msgstr ""
 
-#: ipalib/plugins/internal.py:631
+#: ipalib/plugins/internal.py:632
 msgid "New password is required"
 msgstr ""
 
-#: ipalib/plugins/internal.py:633
-msgid "Password change complete"
-msgstr ""
-
 #: ipalib/plugins/internal.py:634
-msgid "Passwords must match"
+msgid "Password change complete"
 msgstr ""
 
 #: ipalib/plugins/internal.py:635
-msgid "Password reset was not successful."
+msgid "Passwords must match"
 msgstr ""
 
 #: ipalib/plugins/internal.py:636
-msgid "Reset Password"
+msgid "Password reset was not successful."
 msgstr ""
 
 #: ipalib/plugins/internal.py:637
-msgid "Reset your password."
+msgid "Reset Password"
 msgstr ""
 
 #: ipalib/plugins/internal.py:638
+msgid "Reset your password."
+msgstr ""
+
+#: ipalib/plugins/internal.py:639
 msgid "Verify Password"
 msgstr ""
 
-#: ipalib/plugins/internal.py:641
-msgid "Are you sure you want to delete selected entries?"
-msgstr ""
-
 #: ipalib/plugins/internal.py:642
-msgid "${count} item(s) deleted"
+msgid "Are you sure you want to delete selected entries?"
 msgstr ""
 
 #: ipalib/plugins/internal.py:643
-msgid "Are you sure you want to disable selected entries?"
+msgid "${count} item(s) deleted"
 msgstr ""
 
 #: ipalib/plugins/internal.py:644
-msgid "${count} item(s) disabled"
+msgid "Are you sure you want to disable selected entries?"
 msgstr ""
 
 #: ipalib/plugins/internal.py:645
-msgid "Are you sure you want to enable selected entries?"
+msgid "${count} item(s) disabled"
 msgstr ""
 
 #: ipalib/plugins/internal.py:646
-msgid "${count} item(s) enabled"
+msgid "Are you sure you want to enable selected entries?"
 msgstr ""
 
 #: ipalib/plugins/internal.py:647
-msgid "Some entries were not deleted"
+msgid "${count} item(s) enabled"
 msgstr ""
 
 #: ipalib/plugins/internal.py:648
-msgid "Quick Links"
+msgid "Some entries were not deleted"
 msgstr ""
 
 #: ipalib/plugins/internal.py:649
-msgid "Select All"
+msgid "Quick Links"
 msgstr ""
 
 #: ipalib/plugins/internal.py:650
+msgid "Select All"
+msgstr ""
+
+#: ipalib/plugins/internal.py:651
 msgid ""
 "Query returned more results than the configured size limit. Displaying the "
 "first ${counter} results."
 msgstr ""
 
-#: ipalib/plugins/internal.py:651
+#: ipalib/plugins/internal.py:652
 msgid "Unselect All"
 msgstr ""
 
-#: ipalib/plugins/internal.py:655
+#: ipalib/plugins/internal.py:656
 msgid "Disabled"
 msgstr ""
 
-#: ipalib/plugins/internal.py:661
-msgid "Audit"
-msgstr ""
-
 #: ipalib/plugins/internal.py:662
-msgid "Automember"
+msgid "Audit"
 msgstr ""
 
 #: ipalib/plugins/internal.py:663
+msgid "Automember"
+msgstr ""
+
+#: ipalib/plugins/internal.py:664
 msgid "Automount"
 msgstr ""
 
-#: ipalib/plugins/internal.py:665
-msgid "DNS"
-msgstr ""
-
 #: ipalib/plugins/internal.py:666
+msgid "DNS"
+msgstr ""
+
+#: ipalib/plugins/internal.py:667
 msgid "Host Based Access Control"
 msgstr ""
 
-#: ipalib/plugins/internal.py:668
-msgid "IPA Server"
-msgstr ""
-
 #: ipalib/plugins/internal.py:669
-msgid "Policy"
+msgid "IPA Server"
 msgstr ""
 
 #: ipalib/plugins/internal.py:670
-msgid "Role Based Access Control"
+msgid "Policy"
 msgstr ""
 
 #: ipalib/plugins/internal.py:671
+msgid "Role Based Access Control"
+msgstr ""
+
+#: ipalib/plugins/internal.py:672
 msgid "Sudo"
 msgstr ""
 
-#: ipalib/plugins/internal.py:672 ipalib/plugins/trust.py:200
+#: ipalib/plugins/internal.py:673 ipalib/plugins/trust.py:200
 msgid "Trusts"
 msgstr ""
 
-#: ipalib/plugins/internal.py:674
+#: ipalib/plugins/internal.py:675
 msgid "True"
 msgstr ""
 
-#: ipalib/plugins/internal.py:676
-msgid "Next"
-msgstr ""
-
 #: ipalib/plugins/internal.py:677
-msgid "Page"
+msgid "Next"
 msgstr ""
 
 #: ipalib/plugins/internal.py:678
-msgid "Prev"
+msgid "Page"
 msgstr ""
 
 #: ipalib/plugins/internal.py:679
-msgid "undo"
+msgid "Prev"
 msgstr ""
 
 #: ipalib/plugins/internal.py:680
+msgid "undo"
+msgstr ""
+
+#: ipalib/plugins/internal.py:681
 msgid "undo all"
 msgstr ""
 
-#: ipalib/plugins/internal.py:682
-msgid "Text does not match field pattern"
-msgstr ""
-
 #: ipalib/plugins/internal.py:683
-msgid "Must be a decimal number"
+msgid "Text does not match field pattern"
 msgstr ""
 
 #: ipalib/plugins/internal.py:684
-msgid "Must be an integer"
+msgid "Must be a decimal number"
 msgstr ""
 
 #: ipalib/plugins/internal.py:685
-msgid "Not a valid IP address"
+msgid "Must be an integer"
 msgstr ""
 
 #: ipalib/plugins/internal.py:686
-msgid "Not a valid IPv4 address"
+msgid "Not a valid IP address"
 msgstr ""
 
 #: ipalib/plugins/internal.py:687
-msgid "Not a valid IPv6 address"
+msgid "Not a valid IPv4 address"
 msgstr ""
 
 #: ipalib/plugins/internal.py:688
-msgid "Maximum value is ${value}"
+msgid "Not a valid IPv6 address"
 msgstr ""
 
 #: ipalib/plugins/internal.py:689
-msgid "Minimum value is ${value}"
+msgid "Maximum value is ${value}"
 msgstr ""
 
 #: ipalib/plugins/internal.py:690
-msgid "Not a valid network address"
+msgid "Minimum value is ${value}"
 msgstr ""
 
 #: ipalib/plugins/internal.py:691
-msgid "'${port}' is not a valid port"
+msgid "Not a valid network address"
 msgstr ""
 
 #: ipalib/plugins/internal.py:692
-msgid "Required field"
+msgid "'${port}' is not a valid port"
 msgstr ""
 
 #: ipalib/plugins/internal.py:693
+msgid "Required field"
+msgstr ""
+
+#: ipalib/plugins/internal.py:694
 msgid "Unsupported value"
 msgstr ""
 
-#: ipalib/plugins/internal.py:698
+#: ipalib/plugins/internal.py:699
 msgid "Dict of I18N messages"
 msgstr ""
 
@@ -8034,75 +8037,75 @@ msgstr ""
 msgid "Maximum password lifetime (in days)"
 msgstr ""
 
-#: ipalib/plugins/pwpolicy.py:241
-msgid "Min lifetime (hours)"
-msgstr ""
-
 #: ipalib/plugins/pwpolicy.py:242
+msgid "Min lifetime (hours)"
+msgstr ""
+
+#: ipalib/plugins/pwpolicy.py:243
 msgid "Minimum password lifetime (in hours)"
 msgstr ""
 
-#: ipalib/plugins/pwpolicy.py:247
-msgid "History size"
-msgstr ""
-
 #: ipalib/plugins/pwpolicy.py:248
+msgid "History size"
+msgstr ""
+
+#: ipalib/plugins/pwpolicy.py:249
 msgid "Password history size"
 msgstr ""
 
-#: ipalib/plugins/pwpolicy.py:253
-msgid "Character classes"
-msgstr ""
-
 #: ipalib/plugins/pwpolicy.py:254
+msgid "Character classes"
+msgstr ""
+
+#: ipalib/plugins/pwpolicy.py:255
 msgid "Minimum number of character classes"
 msgstr ""
 
-#: ipalib/plugins/pwpolicy.py:260
-msgid "Min length"
-msgstr ""
-
 #: ipalib/plugins/pwpolicy.py:261
+msgid "Min length"
+msgstr ""
+
+#: ipalib/plugins/pwpolicy.py:262
 msgid "Minimum length of password"
 msgstr ""
 
-#: ipalib/plugins/pwpolicy.py:267
+#: ipalib/plugins/pwpolicy.py:268
 msgid "Priority of the policy (higher number means lower priority"
 msgstr ""
 
-#: ipalib/plugins/pwpolicy.py:321
+#: ipalib/plugins/pwpolicy.py:322
 msgid "Maximum password life must be greater than minimum."
 msgstr ""
 
-#: ipalib/plugins/pwpolicy.py:340
+#: ipalib/plugins/pwpolicy.py:341
 msgid "Add a new group password policy."
 msgstr ""
 
-#: ipalib/plugins/pwpolicy.py:367
+#: ipalib/plugins/pwpolicy.py:368
 msgid "Delete a group password policy."
 msgstr ""
 
-#: ipalib/plugins/pwpolicy.py:379
+#: ipalib/plugins/pwpolicy.py:380
 msgid "cannot delete global password policy"
 msgstr ""
 
-#: ipalib/plugins/pwpolicy.py:395
+#: ipalib/plugins/pwpolicy.py:396
 msgid "Modify a group password policy."
 msgstr ""
 
-#: ipalib/plugins/pwpolicy.py:406
+#: ipalib/plugins/pwpolicy.py:407
 msgid "priority cannot be set on global policy"
 msgstr ""
 
-#: ipalib/plugins/pwpolicy.py:439
+#: ipalib/plugins/pwpolicy.py:440
 msgid "Display information about password policy."
 msgstr ""
 
-#: ipalib/plugins/pwpolicy.py:444
+#: ipalib/plugins/pwpolicy.py:445
 msgid "Display effective policy for a specific user"
 msgstr ""
 
-#: ipalib/plugins/pwpolicy.py:469
+#: ipalib/plugins/pwpolicy.py:470
 msgid "Search for group password policies."
 msgstr ""
 
@@ -9693,6 +9696,26 @@ msgstr ""
 msgid "Determine whether ipa-adtrust-install has been run on this system"
 msgstr ""
 
+#: ipalib/plugins/trust.py:998
+msgid ""
+"Determine whether Schema Compatibility plugin is configured to serve trusted "
+"domain users and groups"
+msgstr ""
+
+#: ipalib/plugins/trust.py:1051
+msgid "Determine whether ipa-adtrust-install has been run with sidgen task"
+msgstr ""
+
+#: ipalib/plugins/trust.py:1067
+msgid "sidgen_was_run"
+msgstr ""
+
+#: ipalib/plugins/trust.py:1069
+msgid ""
+"This command relies on the existence of the \"editors\" group, but this "
+"group was not found."
+msgstr ""
+
 #: ipalib/plugins/user.py:41
 msgid ""
 "\n"
@@ -10195,109 +10218,109 @@ msgid ""
 "                  message \"%(message)s\" (both may be \"None\")"
 msgstr ""
 
-#: ipaserver/dcerpc.py:182
+#: ipaserver/dcerpc.py:194
 msgid ""
 "communication with trusted domains is allowed for Trusts administrator group "
 "members only"
 msgstr ""
 
-#: ipaserver/dcerpc.py:202
+#: ipaserver/dcerpc.py:214
 msgid "no trusted domain is configured"
 msgstr ""
 
-#: ipaserver/dcerpc.py:209
+#: ipaserver/dcerpc.py:221
 msgid "domain is not configured"
 msgstr ""
 
-#: ipaserver/dcerpc.py:216
+#: ipaserver/dcerpc.py:228
 msgid "SID is not valid"
 msgstr ""
 
-#: ipaserver/dcerpc.py:231
+#: ipaserver/dcerpc.py:243
 msgid "SID does not match exactlywith any trusted domain's SID"
 msgstr ""
 
-#: ipaserver/dcerpc.py:242
+#: ipaserver/dcerpc.py:254
 msgid "SID does not match any trusted domain"
 msgstr ""
 
-#: ipaserver/dcerpc.py:282 ipaserver/dcerpc.py:288 ipaserver/dcerpc.py:550
+#: ipaserver/dcerpc.py:294 ipaserver/dcerpc.py:300 ipaserver/dcerpc.py:562
 msgid "Trust setup"
 msgstr ""
 
-#: ipaserver/dcerpc.py:283
+#: ipaserver/dcerpc.py:295
 msgid "Our domain is not configured"
 msgstr ""
 
-#: ipaserver/dcerpc.py:289
+#: ipaserver/dcerpc.py:301
 msgid "No trusted domain is not configured"
 msgstr ""
 
-#: ipaserver/dcerpc.py:294 ipaserver/dcerpc.py:309 ipaserver/dcerpc.py:326
-#: ipaserver/dcerpc.py:338 ipaserver/dcerpc.py:345 ipaserver/dcerpc.py:390
+#: ipaserver/dcerpc.py:306 ipaserver/dcerpc.py:321 ipaserver/dcerpc.py:338
+#: ipaserver/dcerpc.py:350 ipaserver/dcerpc.py:357 ipaserver/dcerpc.py:402
 msgid "trusted domain object"
 msgstr ""
 
-#: ipaserver/dcerpc.py:295
+#: ipaserver/dcerpc.py:307
 msgid "domain is not trusted"
 msgstr ""
 
-#: ipaserver/dcerpc.py:310
+#: ipaserver/dcerpc.py:322
 msgid "no trusted domain matched the specified flat name"
 msgstr ""
 
-#: ipaserver/dcerpc.py:312
+#: ipaserver/dcerpc.py:324
 msgid "trusted domain object not found"
 msgstr ""
 
-#: ipaserver/dcerpc.py:327 ipaserver/dcerpc.py:391
+#: ipaserver/dcerpc.py:339 ipaserver/dcerpc.py:403
 msgid "Ambiguous search, user domain was not specified"
 msgstr ""
 
-#: ipaserver/dcerpc.py:339
+#: ipaserver/dcerpc.py:351
 msgid "Trusted domain did not return a unique object"
 msgstr ""
 
-#: ipaserver/dcerpc.py:346
+#: ipaserver/dcerpc.py:358
 msgid "Trusted domain did not return a valid SID for the object"
 msgstr ""
 
-#: ipaserver/dcerpc.py:376 ipaserver/dcerpc.py:386
+#: ipaserver/dcerpc.py:388 ipaserver/dcerpc.py:398
 msgid "trusted domain user not found"
 msgstr ""
 
-#: ipaserver/dcerpc.py:486
+#: ipaserver/dcerpc.py:498
 #, python-format
 msgid ""
 "KDC for %(domain)s denied trust account for IPA domain with a message "
 "'%(message)s'"
 msgstr ""
 
-#: ipaserver/dcerpc.py:551
+#: ipaserver/dcerpc.py:563
 msgid "Cannot retrieve trusted domain GC list"
 msgstr ""
 
-#: ipaserver/dcerpc.py:692
+#: ipaserver/dcerpc.py:704
 msgid "CIFS credentials object"
 msgstr ""
 
-#: ipaserver/dcerpc.py:725
+#: ipaserver/dcerpc.py:737
 #, python-format
 msgid "CIFS server %(host)s denied your credentials"
 msgstr ""
 
-#: ipaserver/dcerpc.py:729
+#: ipaserver/dcerpc.py:741
 #, python-format
 msgid "Cannot establish LSA connection to %(host)s. Is CIFS server running?"
 msgstr ""
 
-#: ipaserver/dcerpc.py:881
+#: ipaserver/dcerpc.py:899
 #, python-format
 msgid ""
 "the IPA server and the remote domain cannot share the same NetBIOS name: %s"
 msgstr ""
 
-#: ipaserver/install/certs.py:676
+#: ipaserver/install/certs.py:639
 #, python-format
 msgid "Unable to communicate with CMS (%s)"
 msgstr ""
diff --git a/install/po/ja.po b/install/po/ja.po
index 994846d9dddde1409d66d1667bb1c2abe762b481..81e940a7bb2e9ae3e82ed9f0d41025cf1407c5ca 100644
--- a/install/po/ja.po
+++ b/install/po/ja.po
@@ -8,16 +8,16 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: FreeIPA\n"
-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
-"newticket\n"
+"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
+"product=freeIPA\n"
 "POT-Creation-Date: 2013-08-01 16:02+0200\n"
 "PO-Revision-Date: 2013-08-01 14:06+0000\n"
 "Last-Translator: Petr Viktorin <encukou@gmail.com>\n"
 "Language-Team: Japanese <trans-ja@lists.fedoraproject.org>\n"
-"Language: ja\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
+"Language: ja\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
 
 #, python-format
diff --git a/install/po/kn.po b/install/po/kn.po
index ffbae460dd0f2ebee6cc7c6ad9b7f5ccb3af4eeb..d058f978cdc887e7e67fa5f0a4ee9e698065e294 100644
--- a/install/po/kn.po
+++ b/install/po/kn.po
@@ -8,17 +8,17 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: FreeIPA\n"
-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
-"newticket\n"
+"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
+"product=freeIPA\n"
 "POT-Creation-Date: 2013-08-01 16:02+0200\n"
 "PO-Revision-Date: 2013-08-01 14:06+0000\n"
 "Last-Translator: Petr Viktorin <encukou@gmail.com>\n"
 "Language-Team: Kannada (http://www.transifex.com/projects/p/fedora/language/"
 "kn/)\n"
-"Language: kn\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
+"Language: kn\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
 
 #, python-format
diff --git a/install/po/nl.po b/install/po/nl.po
index 39ddf34ad8a75e182d2c8ef3607aa75aef64e79b..b12eb41e6d0bab0dd1696098703774be9bf29c55 100644
--- a/install/po/nl.po
+++ b/install/po/nl.po
@@ -7,17 +7,17 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: FreeIPA\n"
-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
-"newticket\n"
+"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
+"product=freeIPA\n"
 "POT-Creation-Date: 2013-08-01 16:02+0200\n"
 "PO-Revision-Date: 2013-08-01 14:06+0000\n"
 "Last-Translator: Petr Viktorin <encukou@gmail.com>\n"
 "Language-Team: Dutch (http://www.transifex.com/projects/p/fedora/language/"
 "nl/)\n"
-"Language: nl\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
+"Language: nl\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
 #, c-format
diff --git a/install/po/pl.po b/install/po/pl.po
index e78992d67060f607a6d7b308c68aceb27cc33511..0068a4c57df2df71a2f4141caafa1556686fe0e2 100644
--- a/install/po/pl.po
+++ b/install/po/pl.po
@@ -9,16 +9,16 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: FreeIPA\n"
-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
-"newticket\n"
+"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
+"product=freeIPA\n"
 "POT-Creation-Date: 2013-08-01 16:02+0200\n"
 "PO-Revision-Date: 2013-08-01 14:06+0000\n"
 "Last-Translator: Petr Viktorin <encukou@gmail.com>\n"
 "Language-Team: Polish <trans-pl@lists.fedoraproject.org>\n"
-"Language: pl\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
+"Language: pl\n"
 "Plural-Forms: nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 "
 "|| n%100>=20) ? 1 : 2);\n"
 
diff --git a/install/po/ru.po b/install/po/ru.po
index fbf0d084cce98ac822f3f6553fe4b833c79cb550..d1fad20f8bb9f2fa09ccc7b4d0de2d18541f7081 100644
--- a/install/po/ru.po
+++ b/install/po/ru.po
@@ -10,16 +10,16 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: FreeIPA\n"
-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
-"newticket\n"
+"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
+"product=freeIPA\n"
 "POT-Creation-Date: 2013-08-01 16:02+0200\n"
 "PO-Revision-Date: 2013-08-01 14:06+0000\n"
 "Last-Translator: Petr Viktorin <encukou@gmail.com>\n"
 "Language-Team: Russian <trans-ru@lists.fedoraproject.org>\n"
-"Language: ru\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
+"Language: ru\n"
 "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
 "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
 
diff --git a/install/po/tg.po b/install/po/tg.po
index f777e5c2c5cdf2fd741426119a53bee9cded84c6..43697088fe91588851ba38c9c17a16d18a52633c 100644
--- a/install/po/tg.po
+++ b/install/po/tg.po
@@ -7,17 +7,17 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: FreeIPA\n"
-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
-"newticket\n"
+"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
+"product=freeIPA\n"
 "POT-Creation-Date: 2013-08-01 16:02+0200\n"
 "PO-Revision-Date: 2013-08-01 14:06+0000\n"
 "Last-Translator: Petr Viktorin <encukou@gmail.com>\n"
 "Language-Team: Tajik (http://www.transifex.com/projects/p/fedora/language/"
 "tg/)\n"
-"Language: tg\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
+"Language: tg\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
 #, c-format
diff --git a/install/po/uk.po b/install/po/uk.po
index ce3fad840852f0e73abcdbf6c3b2ebfb9daeb9be..8489e42ebf1645bf1d0bc27e31a57ff49957cfc1 100644
--- a/install/po/uk.po
+++ b/install/po/uk.po
@@ -8,16 +8,16 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: FreeIPA\n"
-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
-"newticket\n"
+"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
+"product=freeIPA\n"
 "POT-Creation-Date: 2013-08-01 16:02+0200\n"
 "PO-Revision-Date: 2013-08-01 16:10+0000\n"
 "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
 "Language-Team: Ukrainian <trans-uk@lists.fedoraproject.org>\n"
-"Language: uk\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
+"Language: uk\n"
 "Plural-Forms: nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n"
 "%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);\n"
 
diff --git a/install/po/zh_CN.po b/install/po/zh_CN.po
index cbf5e4dcfe7ae279fb000530df79895dcc2653f0..4a0aacdad8527f7a40a014094e253863cd07dbc9 100644
--- a/install/po/zh_CN.po
+++ b/install/po/zh_CN.po
@@ -8,16 +8,16 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: FreeIPA\n"
-"Report-Msgid-Bugs-To: https://hosted.fedoraproject.org/projects/freeipa/"
-"newticket\n"
+"Report-Msgid-Bugs-To: https://bugzilla.redhat.com/enter_bug.cgi?"
+"product=freeIPA\n"
 "POT-Creation-Date: 2013-08-01 16:02+0200\n"
 "PO-Revision-Date: 2013-08-01 14:06+0000\n"
 "Last-Translator: Petr Viktorin <encukou@gmail.com>\n"
 "Language-Team: Chinese (China) <trans-zh_cn@lists.fedoraproject.org>\n"
-"Language: zh_CN\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
+"Language: zh_CN\n"
 "Plural-Forms: nplurals=1; plural=0;\n"
 
 #, python-format
-- 
1.8.3.1